openstreetmap
Install RIPE Atlas Anchor @ Amsterdam
OpenStreetMap has been approved for hosting a RIPE Atlas Anchor.
The Anchor is currently linked to @Firefishy RIPE account.
The anchor is a virtual machine or container based.
https://atlas.ripe.net/docs/howtos/installing-atlas-anchor https://github.com/Jamesits/docker-ripe-atlas
Since https://github.com/Jamesits/docker-ripe-atlas/pull/66 container images are available via GHCR.
That presumably also means whatever host we put it on will need to bridge it's LAN interface with the container?
That presumably also means whatever host we put it on will need to bridge it's LAN interface with the container?
Yes likely. I will confirm once I have tested the config.
Hi @Firefishy
I saw the PR you opened on Jamesits/docker-ripe-atlas, and I'm assuming your plan would be to run the RIPE Atlas anchor in a container.
The ripe-atlas-anchor package does indeed exist (and is published for various platforms, including Debian), but it would only useful when combined with the other services that run on an Anchor. Those are not dependencies of the package, but rather they are installed and updated via the given ISO, as the Anchors are maintained remotely.
A relevant excerpt from the "Host an Anchor" www.ripe.net page:
Anchors are always installed with the latest Oracle Linux 9 packages, and automatically update themselves. For major release upgrades a full network re-installation is performed, nothing on disk is retained.
For context, I currently work on the RIPE Atlas probe code, which is deployed on all probe types (software, hardware, anchor), but the anchors themselves are maintained by other engineers.
As such, this is kind of the extent of information I can provide, but to summarize, the Jamesits container would not work for an Anchor given the current VM approach.
-- Trix RIPE NCC
So reading that page it can only run on hardware or as a VM and not as a container? Is that right?
It also sounds like the VM has to be setup be installing from a bootable installer rather than there being a published disk image that can be booted?
I'm also not quite what you mean by a "full network re-installation" though - are you saying it somehow reinstalls itself? or that you might sometimes ask us to discard the image and reinstall?
So reading that page it can only run on hardware or as a VM and not as a container? Is that right?
Correct, currently Anchors run either on bare metal, or within a VM.
It also sounds like the VM has to be setup be installing from a bootable installer rather than there being a published disk image that can be booted?
I believe the disk image is generated per-anchor and thus sent to the anchor host, instead of published publicly.
I'm also not quite what you mean by a "full network re-installation" though - are you saying it somehow reinstalls itself? or that you might sometimes ask us to discard the image and reinstall?
Kind of, the Anchors are maintained remotely by the RIPE NCC. This "full network re-installation" only applies to major upgrades though, like the one that happened last year. During that upgrade, the Anchors did reinstall themselves, unless they were not compatible with the new OS version, due to f.i. unsupported hardware/VM specifications, only in that case was the host contacted. This is actually described in the follow-up post.
-- Trix RIPE NCC
Hmmm, I'm now thinking it might be better for us to get hardware. I run Protectli hardware at home and am very happy with it.
Do we want to get anchors at both our main sites?
Yes, that is the goal, but will need RIPE approval.
This issue gets a bit of a chuckle from me, as in "happy ending", after having to convince dfk years back that it wasn't a good idea to use an OSM lookalike name for what is now Atlas.
I have email RIPE to ask for a switch from Virtual to Physical Hardware for the RIPE Atlas Anchor application.