Merge branch 'dev' into debug-tools

aws/bootnode.yml

@@ -60,7 +60,6 @@
   tags: bootnode
 
 - name: Installing python
-  hosts: all
   hosts: launched
   gather_facts: False
   user: ubuntu
@@ -71,20 +70,6 @@
     - name: Install python
       raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
 
-- name: Configure instance(s)
-  hosts: launched
-  user: ubuntu
-  become: True
-  vars:
-     ansible_ssh_port: 22
-  gather_facts: True
-  roles:
-    - preconf
-  tags: preconf
-  tasks:
-    - name: restart machine after setup
-      shell: shutdown -r 1
-
 - name: Create bootnode elastic ip
   hosts: localhost
   gather_facts: False

aws/explorer.yml

@@ -60,7 +60,6 @@
   tags: explorer
 
 - name: Installing python
-  hosts: all
   hosts: launched
   gather_facts: False
   user: ubuntu
@@ -71,20 +70,6 @@
     - name: Install python
       raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
 
-- name: Configure instance(s)
-  hosts: launched
-  user: ubuntu
-  become: True
-  vars:
-     ansible_ssh_port: 22
-  gather_facts: True
-  roles:
-    - preconf
-  tags: preconf
-  tasks:
-    - name: restart machine after setup
-      shell: shutdown -r 1
-
 - name: EC2 access setup
   hosts: explorer
   become: True

aws/group_vars/all.yml.example

@@ -4,4 +4,59 @@ secret_key: "INSERT SECRET HERE"
 awskeypair_name: "keypairname"
 image: "ami-0b383171"
 region: "us-east-1"
-vpc_subnet_id: "subnet-ID-number"
+vpc_subnet_id: "subnet-ID-number"
+
+MAIN_REPO_FETCH: "poanetwork"
+GENESIS_BRANCH: "master"
+
+###Bootnode
+
+bootnode_instance_type: "t2.large"
+bootnode_instance_name: "bootnode"
+bootnode_count_instances: "1"
+
+bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security"
+
+associate_bootnode_elastic_ip: false
+
+allow_bootnode_ssh: true
+allow_bootnode_p2p: true
+allow_bootnode_rpc: false
+
+###Explorer
+
+explorer_instance_type: "t2.large" 
+explorer_instance_name: "explorer"
+explorer_count_instances: "1"
+
+explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security"
+
+allow_explorer_ssh: true
+allow_explorer_p2p: true
+allow_explorer_http: true
+
+
+###Moc
+
+moc_instance_type: "t2.large"
+moc_instance_name: "moc"
+moc_count_instances: "1"
+
+moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security"
+
+###Netstat
+
+netstat_instance_type: "t2.large"
+netstat_instance_name: "netstat"
+netstat_count_instances: "1"
+
+netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security"
+
+###Validator
+
+validator_instance_type: "t2.large"
+validator_instance_name: "validator"
+validator_count_instances: "1"
+
+validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security"
+associate_validator_elastic_ip: false

aws/group_vars/bootnode.yml.example

@@ -1,11 +0,0 @@
-bootnode_instance_type: "t2.large"
-bootnode_instance_name: "bootnode"
-bootnode_count_instances: "1"
-
-bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security"
-
-associate_bootnode_elastic_ip: false
-
-allow_bootnode_ssh: true
-allow_bootnode_p2p: true
-allow_bootnode_rpc: false

aws/group_vars/explorer.yml.example

@@ -1,9 +0,0 @@
-explorer_instance_type: "t2.large" 
-explorer_instance_name: "explorer"
-explorer_count_instances: "1"
-
-explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security"
-
-allow_explorer_ssh: true
-allow_explorer_p2p: true
-allow_explorer_http: true

aws/group_vars/moc.yml.example

@@ -1,5 +0,0 @@
-moc_instance_type: "t2.large"
-moc_instance_name: "moc"
-moc_count_instances: "1"
-
-moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security"

aws/group_vars/netstat.yml.example

@@ -1,5 +0,0 @@
-netstat_instance_type: "t2.large"
-netstat_instance_name: "netstat"
-netstat_count_instances: "1"
-
-netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security"

aws/group_vars/validator.yml.example

@@ -1,6 +0,0 @@
-validator_instance_type: "t2.large"
-validator_instance_name: "validator"
-validator_count_instances: "1"
-
-validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security"
-associate_validator_elastic_ip: false

aws/hosts.example

@@ -1,26 +0,0 @@
-# This is the default ansible 'hosts' file.
-#
-# It should live in /etc/ansible/hosts
-#
-#   - Comments begin with the '#' character
-#   - Blank lines are ignored
-#   - Groups of hosts are delimited by [header] elements
-#   - You can enter hostnames or ip addresses
-#   - A hostname/ip can be a member of multiple groups
-
-[bootnode]
-
-[moc]
-
-[netstat]
-
-[validator]
-
-[explorer]
-
-[poa:children]
-bootnode
-moc
-netstat
-validator
-explorer

aws/moc.yml

@@ -60,7 +60,6 @@
   tags: moc
 
 - name: Installing python
-  hosts: all
   hosts: launched
   gather_facts: False
   user: ubuntu
@@ -71,20 +70,6 @@
     - name: Install python
       raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
 
-- name: Configure instance(s)
-  hosts: launched
-  user: ubuntu
-  become: True
-  vars:
-     ansible_ssh_port: 22
-  gather_facts: True
-  roles:
-    - preconf
-  tags: preconf
-  tasks:
-    - name: restart machine after setup
-      shell: shutdown -r 1
-
 - name: EC2 access setup
   hosts: moc
   become: True

aws/netstat.yml

@@ -60,7 +60,6 @@
   tags: netstat
 
 - name: Installing python
-  hosts: all
   hosts: launched
   gather_facts: False
   user: ubuntu
@@ -71,20 +70,6 @@
     - name: Install python
       raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
 
-- name: Configure instance(s)
-  hosts: launched
-  user: ubuntu
-  become: True
-  vars:
-     ansible_ssh_port: 22
-  gather_facts: True
-  roles:
-    - preconf
-  tags: preconf
-  tasks:
-    - name: restart machine after setup
-      shell: shutdown -r 1
-
 - name: EC2 access setup
   hosts: netstat
   become: True

aws/validator.yml

@@ -60,7 +60,6 @@
   tags: validator
 
 - name: Installing python
-  hosts: all
   hosts: launched
   gather_facts: False
   user: ubuntu
@@ -71,20 +70,6 @@
     - name: Install python
       raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
 
-- name: Configure instance(s)
-  hosts: launched
-  user: ubuntu
-  become: True
-  vars:
-     ansible_ssh_port: 22
-  gather_facts: True
-  roles:
-    - preconf
-  tags: preconf
-  tasks:
-    - name: restart machine after setup
-      shell: shutdown -r 1
-
 - name: Create validator elastic ip
   hosts: localhost
   gather_facts: False

group_vars/all.yml.example

@@ -2,40 +2,174 @@
 ### Values set in this file are used for illustration only.
 ###
 ### To connect to an actual network, please follow instructions provided to you
-### on how to generate a valid `group_vars/all` file for the network.
+### on how to generate a valid `group_vars/` files for the network.
 ###
 
 ---
-user: ubuntu ### can be changed to centos or other if needed
-ssh_root:
-    - "{{ lookup('file', 'files/admins.pub') }}"
 
-NODE_FULLNAME: "INSERT NODENAME"
-NODE_ADMIN_EMAIL: "INSERT@EMAIL"
+###The following variables are network-wide. They should be kept at all.yml file.
 
-NETSTATS_SERVER: "INSERT SERVERNAME"
-NETSTATS_SECRET: "INSERT SECRET"
+#Block gas limit
+BLK_GAS_LIMIT: "6700000"
 
-MINING_KEYFILE: "INSERT HERE"
-MINING_ADDRESS: "INSERT HERE"
-MINING_KEYPASS: "INSERT HERE"
-
-MAIN_REPO_FETCH: "poanetwork"
+#github branch that store genesis file (aka genesis.json, spec.json, chain.json, ...)
 GENESIS_BRANCH: "master"
+
+#NetworkName as specified in genesis file
 GENESIS_NETWORK_NAME: "PoANetwork"
 
-MOC_ADDRESS: "INSERT HERE"
-MOC_KEYPASS: "INSERT HERE"
-MOC_KEYFILE: "INSERT HERE"
+#github account from which all repositories will be downloaded
+MAIN_REPO_FETCH: "poanetwork"
 
+#Hex-encoded address, including 0x prefix. For moc role it is used as mining key, for other nodes is used in other scripts.
+MOC_ADDRESS: "INSERT HERE"
+
+#name of the file to store password. Should not be changed
+NODE_PWD: "node.pwd"
+
+#url of the nodejs deb package to use, most importantly - version number
+NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
+
+#url and sha256 checksum of the parity-orchestrator binary file
+ORCHESTRATOR_BIN_LOC: ""
+ORCHESTRATOR_BIN_SHA256: ""
+
+#url and sha256 checksum of the parity binary file
+PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
+PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
+
+#branch of poa-scripts-moc and poa-scripts-validator to use
 SCRIPTS_MOC_BRANCH: "master"
 SCRIPTS_VALIDATOR_BRANCH: "master"
 
-BLK_GAS_LIMIT: "6700000"
-NODE_PWD: "node.pwd"
 
-NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
-PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
-PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
-ORCHESTRATOR_BIN_LOC: ""
-ORCHESTRATOR_BIN_SHA256: ""
+
+###The following variables are node-specific. They should be kept in group_vars/<node>.yml set of files. Alternatively they can be specifed at <role>/vars/main.yml file.
+
+##These variables are used in each role and usually propagated to the dependent roles. By default they are different for each role and it's highly recommended not to use single for multiple roles, escpecially when they are installed on the same machine. 
+
+#Which user will be used to connect to VMs
+ansible_user: ubuntu
+
+#User's name and directory, which will be used to execute role from. 
+#username: "<role>"
+#users:
+#  - name: "{{ username }}"
+#home: "/home/{{ username }}"
+
+#Node's descriptive name
+#NODE_FULLNAME: "INSERT NODENAME"
+
+#Node owner's email
+#NODE_ADMIN_EMAIL: "INSERT@EMAIL"
+
+#If this variable is set to "True" all the VMs will be rebooted after setup.
+reboot_after_completion: false
+
+
+##Bootnode-related variables.
+
+#Specifies whether or not to keep port 22 opened to allow ssh access
+allow_bootnode_ssh: true
+#Specifies whether or not to keep port 30303 opened to allow peer discovery
+allow_bootnode_p2p: true
+#Specifies whether or not to keep port 8545 opened to allow rpc on this port
+allow_bootnode_rpc: false
+
+#Specifies whether or not this node should be created with additional parameters to work as archive
+bootnode_archive: "off"
+#Specifies whether or not parity-orchestrator should be installed on this node and parity configured to use whisper
+bootnode_orchestrator: "off"
+
+
+##Explorer-related variables
+
+#Specifies whether or not to keep port 22 opened to allow ssh access
+allow_explorer_ssh: true
+#Specifies whether or not to keep port 30303 opened to allow peer discovery
+allow_explorer_p2p: true
+#Specifies whether or not to keep port 8545 opened to allow rpc on this port
+allow_explorer_http: true
+
+#Explicitly specifies the explorer version to use
+explorer_version: "acee07c"
+
+
+##Moc-related variables
+
+#Specifies whether or not this node should be created with additional parameters to work as archive
+moc_archive: "off"
+
+
+##Netstat-related variables
+
+
+##Validator-related variables
+
+#Specifies whether or not to keep port 22 opened to allow ssh access
+allow_validator_ssh: true
+#Specifies whether or not to keep port 30303 opened to allow peer discovery
+allow_validator_p2p: true
+
+#Specifies whether or not this node should be created with additional parameters to work as archive
+validator_archive: "off"
+
+
+##Nginx-related variables (subrole)
+
+#If this variable is set to true script will modify sysctl.conf and configure additional tcp settings.
+configure_extended_tcp_settings: false
+#Setup extended nginx headers. Used in bootnode, explorer and netstat roles.
+nginx_headers: "on"
+#Setup which proxy port should be used in nginx. Used in bootnode, explorer and netstat roles. 
+PROXY_PORT: "8545"
+
+
+##poa-netstats-related variables (subrole)
+
+#Explicitly specified api version to use
+api_version: "9773b5b" 
+
+
+##poa-parity-related variables (subrole)
+
+#This variables are intended to be set up if you want to run sub role explicitly.
+#validator_archive: "off"
+#bootnode_archive: "off"
+#moc_archive: "off"
+#bootnode_orchestrator: "off"
+
+
+
+###Those variables are intended to be specified by users. They don't have any reasonable defaults. Those variables should be specified at group_vars/<role> folder or at <role>/vars/main.yml.
+
+#Specifies the SSH public key file, that will be added to remote 'root' user as an authorized key
+#ssh_root:
+#    - "{{ lookup('file', 'files/admins.pub') }}"
+
+#Validator's mining keyfile content (json string)
+#MINING_KEYFILE: "INSERT HERE"
+
+#Validator's mining key address
+#MINING_ADDRESS: "INSERT HERE"
+
+#Validator's mining key password
+#MINING_KEYPASS: "INSERT HERE"
+
+#Master of Ceremony's account password
+#MOC_KEYPASS: "INSERT HERE"
+
+#Master of Ceremony's account keyfile
+#MOC_KEYFILE: "INSERT HERE"
+
+#Secret code to join netstats.  Important: For netstats role this option sets the password of the netstats. Master of Ceremony later provides it to other nodes.
+#NETSTATS_SECRET: "INSERT HERE"
+
+#URL of netstats server. Should be provided to users by Master of Ceremony
+#NETSTATS_SERVER: "INSERT HERE"
+
+#Node owner's email. Publicly visible in netstats
+#NODE_ADMIN_EMAIL: "INSERT HERE"
+
+#Node's descriptive name. Publicly visible in netstats
+#NODE_FULLNAME: "INSERT HERE"

group_vars/all.yml.network

@@ -1,5 +1,6 @@
 ---
-user: ubuntu
+ansible_user: ubuntu
+
 ansible_python_interpreter: /usr/bin/python3
 
 ssh_root:
@@ -22,5 +23,4 @@ GENESIS_BRANCH: "master"
 GENESIS_NETWORK_NAME: "PoA"
 
 MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
-BLK_GAS_LIMIT: "6700000"
-
+BLK_GAS_LIMIT: "6700000"

group_vars/bootnode.yml.example

@@ -8,10 +8,14 @@ username: "bootnode"
 users:
   - name: "{{ username }}"
 home: "/home/{{ username }}"
+
 nginx_headers: "on"
 PROXY_PORT: "8545"
+configure_extended_tcp_settings: false
 
 bootnode_archive: "off"
 bootnode_orchestrator: "off"
 
+
 install_debug_tools: "yes"
+reboot_after_completion: false

group_vars/explorer.yml.example

@@ -5,5 +5,7 @@ home: "/home/{{ username }}"
 
 nginx_headers: "off"
 PROXY_PORT: "3000"
-explorerS_SERVER: "localhost"
+configure_extended_tcp_settings: false
+
 install_debug_tools: "yes"
+reboot_after_completion: false

group_vars/moc.yml.example

@@ -15,3 +15,4 @@ home: "/home/{{ username }}"
 moc_archive: "off"
 
 install_debug_tools: "yes"
+reboot_after_completion: false

group_vars/netstat.yml.example

@@ -8,8 +8,10 @@ users:
   - name: "{{ username }}"
 home: "/home/{{ username }}"
 
+configure_extended_tcp_settings: false
 nginx_headers: "off"
 PROXY_PORT: "3000"
 NETSTATS_SERVER: "http://localhost:3000"
 
 install_debug_tools: "yes"
+reboot_after_completion: false

group_vars/validator.yml.example

@@ -16,3 +16,4 @@ home: "/home/{{ username }}"
 validator_archive: "off"
 
 install_debug_tools: "yes"
+reboot_after_completion: false

roles/bootnode/defaults/main.yml

@@ -4,4 +4,12 @@ user: ubuntu
 
 allow_bootnode_ssh: true
 allow_bootnode_p2p: true
-allow_bootnode_rpc: false
+allow_bootnode_rpc: false
+
+username: "bootnode"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+bootnode_archive: "off"
+bootnode_orchestrator: "off"

roles/bootnode/meta/main.yml

@@ -1,7 +1,6 @@
 dependencies:
-  - { role: preconf }
   - { role: usermanager }
-# - { role: logentries }
+  - { role: preconf }
   - { role: nodejs }
   - { role: poa-logrotate }
   - { role: poa-parity }

roles/bootnode/tasks/main.yml

@@ -1,12 +1,16 @@
 ---
 
 - name: Create node.toml
-  template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
+  template: src={{ item }}.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
   with_items:
    - node.toml
    
 - name: Setup ufw firewall
   import_tasks: ufw.yml
   when: not ansible_bios_version | search("amazon")
+  
+- name: restart machine after setup
+  shell: shutdown -r 1
+  when: reboot_after_completion == true
 
 #- file: path={{ home }} owner={{ username }} group={{ username }} recurse=yes

roles/explorer/defaults/main.yml

@@ -4,4 +4,17 @@ user: ubuntu
 
 allow_explorer_ssh: true
 allow_explorer_p2p: true
-allow_explorer_http: true
+allow_explorer_http: true
+
+username: "explorer"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+nginx_headers: "off"
+PROXY_PORT: "3000"
+
+MAIN_REPO_FETCH: "poanetwork"
+MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
+
+explorer_version: "acee07c"

roles/explorer/meta/main.yml

@@ -1,6 +1,6 @@
 dependencies:
-  - { role: preconf }
   - { role: usermanager }
+  - { role: preconf }
   - { role: nodejs }
   - { role: poa-logrotate }
   - { role: poa-parity }

roles/explorer/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Create node.toml
-  template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
+  template: src={{ item }}.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
   with_items:
    - node.toml
 
@@ -43,3 +43,8 @@
 - name: Setup ufw firewall
   import_tasks: ufw.yml
   when: not ansible_bios_version | search("amazon")
+  
+- name: restart machine after setup
+  shell: shutdown -r 1
+  when: reboot_after_completion == true
+

roles/logentries/handlers/main.yml

@@ -1,3 +0,0 @@
----
-- name: restart logentries
-  service: name=logentries state=restarted

roles/logentries/tasks/main.yml

@@ -1,47 +0,0 @@
----
-- name: Add logentries repository
-  apt_repository:
-    repo: 'deb http://rep.logentries.com/ {{ansible_distribution_release}} main'
-    state: present
-    filename: logentries
-
-- name: add repository key
-  apt_key:
-    keyserver: pgp.mit.edu
-    id: A5270289C43C79AD
-    state: present
-
-- name: Install logentries packages
-  apt: name={{ item }} state=present update_cache=yes
-  with_items:
-    - logentries
-    - logentries-daemon
-    - python-setproctitle
-
-- name: connect logentries account
-  shell: le reinit --user-key={{ logentries_user_key }}
-  notify:
-    - restart logentries
-
-- name: deactivate pull-server-side-config
-  lineinfile:
-    dest: /etc/le/config
-    regexp: "pull-server-side-config = "
-    line: "pull-server-side-config = False"
-  notify:
-    - restart logentries
-
-- name: create config folder
-  file:
-    path: /etc/le/conf.d
-    state: directory
-    mode: 0755
-
-- name: deploy config logentries
-  template: src=logentries.j2 dest=/etc/le/conf.d/{{ GENESIS_BRANCH }}.conf
-  notify:
-    - restart logentries
-
-- name: Ensure logentries is running and enabled to start at boot
-  service: name=logentries state=started enabled=yes
-

roles/logentries/templates/logentries.j2

@@ -1,33 +0,0 @@
-[install_err]
-path = /var/lib/waagent/custom-script/download/0/stderr
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[install_out]
-path = /var/lib/waagent/custom-script/download/0/stdout
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[dashboard_err]
-path = {{ logsprefix }}/dashboard.err
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[dashboard_out]
-path = {{ logsprefix }}/dashboard.out
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[parity_log]
-path = {{ logsprefix }}/parity.log
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[parity_err]
-path = {{ logsprefix }}/parity.err
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[parity_out]
-path = {{ logsprefix }}/parity.out
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[netstats_daemon_err]
-path = {{ logsprefix }}/netstats_daemon.err
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[netstats_daemon_out]
-path = {{ logsprefix }}/netstats_daemon.out
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[explorer_err]
-path = {{ logsprefix }}/explorer.err
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
-[explorer_out]
-path = {{ logsprefix }}/explorer.out
-destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}

roles/moc/defaults/main.yml

@@ -3,4 +3,29 @@
 user: ubuntu
 
 allow_moc_ssh: true
-allow_moc_p2p: true
+allow_moc_p2p: true
+
+NODE_FULLNAME: "moc"
+NODE_ADMIN_EMAIL: ""
+NODE_PWD: "node.pwd" # don't change this one
+
+NETSTATS_SERVER: ""
+NETSTATS_SECRET: ""
+
+MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
+MOC_KEYPASS: ""
+MOC_KEYFILE: ""
+
+SCRIPTS_MOC_BRANCH: "mainnet"
+GENESIS_NETWORK_NAME: "PoA"
+MAIN_REPO_FETCH: "poanetwork"
+
+BLK_GAS_LIMIT: "6700000"
+
+username: "moc"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+moc_archive: "off"
+

roles/moc/meta/main.yml

@@ -1,6 +1,6 @@
 dependencies:
-  - { role: preconf }
   - { role: usermanager }
+  - { role: preconf }
   - { role: nodejs }
   - { role: poa-logrotate }
   - { role: poa-parity }

roles/moc/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Create node.toml
-  template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
+  template: src={{ item }}.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
   with_items:
    - node.toml
 
@@ -42,4 +42,8 @@
 
 - name: Setup ufw firewall
   import_tasks: ufw.yml
-  when: not ansible_bios_version | search("amazon")
+  when: not ansible_bios_version | search("amazon")
+  
+- name: restart machine after setup
+  shell: shutdown -r 1
+  when: reboot_after_completion == true

roles/netstat/defaults/main.yml

@@ -4,3 +4,20 @@ user: ubuntu
 
 allow_netstat_ssh: true
 allow_netstat_http: true
+
+netstat_version: "cb431d6"
+
+NETSTATS_SERVER: "http://localhost:3000"
+NETSTATS_SECRET: ""
+MAIN_REPO_FETCH: "poanetwork"
+
+NODE_FULLNAME: "netstat"
+NODE_ADMIN_EMAIL: ""
+
+username: "netstat"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+nginx_headers: "off"
+PROXY_PORT: "3000"

roles/netstat/meta/main.yml

@@ -1,6 +1,6 @@
 dependencies:
-  - { role: preconf }
   - { role: usermanager }
+  - { role: preconf }
   - { role: nodejs }
   - { role: poa-logrotate }
   - { role: nginx }

roles/netstat/tasks/main.yml

@@ -37,7 +37,7 @@
     - restart poa-dashboard
 
 - name: Install poa-dashboard service
-  template: src=poa-dashboard.j2 dest=/etc/systemd/system/poa-dashboard.service owner=root group=root mode=0755
+  template: src=poa-dashboard.j2 dest=/etc/systemd/system/poa-dashboard.service owner={{ username }} group={{ username }} mode=0755
   notify:
     - restart poa-dashboard
 
@@ -46,4 +46,8 @@
 
 - name: Setup ufw firewall
   import_tasks: ufw.yml
-  when: not ansible_bios_version | search("amazon")
+  when: not ansible_bios_version | search("amazon")
+  
+- name: restart machine after setup
+  shell: shutdown -r 1
+  when: reboot_after_completion == true

roles/nginx/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+PROXY_PORT: 3000
+configure_extended_tcp_settings: true

roles/nginx/tasks/main.yml

@@ -85,3 +85,8 @@
 - name: Ensure nginx is running and enabled to start at boot
   service: name=nginx state=started enabled=yes
   tags: nginx
+  
+- name: executing vars.yml
+  import_tasks: vars.yml
+  when: configure_extended_tcp_settings == true
+  

roles/nodejs/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+
+NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"

roles/nodejs/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - name: Add nodejs repository
   apt_repository:
-    repo: 'deb {{ NODE_SOURCE_DEB }} {{ansible_distribution_release}} main'
+    repo: 'deb {{ NODE_SOURCE_DEB }} {{ ansible_distribution_release }} main'
     state: present
 
 - name: Install nodejs packages

roles/poa-logrotate/defaults/main.yml

@@ -0,0 +1,4 @@
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"

roles/poa-logrotate/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install poa-logrotate conf
-  template: src=poa-logrotate.conf.j2 dest={{ home }}/poa-logrotate.conf owner=root group=root mode=0644
+  template: src=poa-logrotate.conf.j2 dest={{ home }}/poa-logrotate.conf owner={{ username }} group={{ username }} mode=0644
 
 - name: Install poa-logrotate cron
   template: src=poa-logrotate.j2 dest=/etc/cron.hourly/poa-logrotate owner=root group=root mode=0755

roles/poa-netstats/defaults/main.yml

@@ -0,0 +1,16 @@
+---
+
+MAIN_REPO_FETCH: "poanetwork"
+GENESIS_NETWORK_NAME: "PoA"
+
+api_version: "9773b5b" 
+
+NODE_FULLNAME: ""
+NODE_ADMIN_EMAIL: ""
+NETSTATS_SERVER: ""
+NETSTATS_SECRET: ""
+
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"

roles/poa-orchestrator/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+
+ORCHESTRATOR_BIN_LOC: ""
+ORCHESTRATOR_BIN_SHA256: ""
+
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"

roles/poa-orchestrator/tasks/main.yml

@@ -5,7 +5,7 @@
     - restart poa-orchestrator
 
 - name: Create parity-orchestrator.toml
-  template: src=parity-orchestrator.toml.j2 dest={{ home }}/parity-orchestrator.toml owner=root group=root mode=0644
+  template: src=parity-orchestrator.toml.j2 dest={{ home }}/parity-orchestrator.toml owner={{ username }} group={{ username }} mode=0644
 
 - name: Install poa-orchestrator service
   template: src=poa-orchestrator.j2 dest=/etc/systemd/system/poa-orchestrator.service owner=root group=root mode=0755

roles/poa-parity/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+
+GENESIS_NETWORK_NAME: "PoA"
+PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
+PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
+
+NODE_FULLNAME: "default"
+NODE_ADMIN_EMAIL: "default@example.com"
+NETSTATS_SERVER: ""
+NETSTATS_SECRET: ""
+MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
+ 
+validator_archive: "off"
+bootnode_archive: "off"
+moc_archive: "off"
+bootnode_orchestrator: "off"
+
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"

roles/poa-parity/tasks/main.yml

@@ -16,7 +16,7 @@
     group: "{{ username }}"
 
 - name: Download parity-bin
-  get_url: url="{{ PARITY_BIN_LOC }}" dest={{ home }}/parity mode=0755 checksum="sha256:{{ PARITY_BIN_SHA256 }}"
+  get_url: url="{{ PARITY_BIN_LOC }}" dest={{ home }}/parity mode=0755 group={{ username }} owner={{ username }} checksum="sha256:{{ PARITY_BIN_SHA256 }}"
   notify:
     - restart poa-parity
 

roles/poa-pm2/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+GENESIS_NETWORK_NAME: "PoA"

roles/preconf/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+
+username: "poa"
+users:
+  - name: "{{ username }}"
+home: "/home/{{ username }}"
+
+GENESIS_NETWORK_NAME: "PoA"
+MAIN_REPO_FETCH: "poanetwork"
+GENESIS_BRANCH: "master"
+
+ssh_root:
+    - "{{ lookup('file', 'files/admins.pub') }}"

roles/preconf/tasks/keys.yml

@@ -1,3 +1,4 @@
+---
 - name: Create directory parity_data/keys/NetworkName
   file:
     path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}"

roles/preconf/tasks/logs.yml

@@ -1,3 +1,4 @@
+---
 - name: Create logs directories
   file:
     path: "/{{ home }}/logs/old"

roles/preconf/tasks/main.yml

@@ -11,6 +11,6 @@
 - import_tasks: swap.yml
 - import_tasks: logs.yml
 - import_tasks: keys.yml
-  when: ‘netstat’ not in ansible_hostname
+  when: "'netstat' not in ansible_hostname"
 - import_tasks: spec.yml
-  when: ‘netstat’ not in ansible_hostname
+  when: "'netstat' not in ansible_hostname"

roles/preconf/tasks/spec.yml

@@ -1,5 +1,6 @@
+---
 - name: Download spec.json
-  get_url: url={{ item }} dest={{ home }}/ mode=0644
+  get_url: url={{ item }} dest={{ home }}/ mode=0644 group={{ username }} owner={{ username }}
   with_items:
     - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json"
     - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt"

roles/preconf/tasks/swap.yml

@@ -1,3 +1,4 @@
+---
 - name: Check if swap file exists
   stat:
     path: /swapfile

roles/usermanager/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+username: "poa"
+users:
+  - name: "{{ username }}"

roles/usermanager/tasks/main.yml

@@ -2,6 +2,10 @@
 - name: Create users
   user: name={{ item.name }} groups={{ item.addgroups | default('') }} shell=/bin/bash append=yes
   with_items: "{{ users }}"
+ 
+#Temporary directive created to workaround #24862 ansible issue  
+- name: Setup permission
+  file: path={{ home }} group={{ username }} owner={{ username }} recurse=yes state=directory
 
 - include_tasks: nested_authorized_key.yml
   with_items: "{{ users }}"

roles/validator/defaults/main.yml

@@ -2,6 +2,19 @@
 
 user: ubuntu
 
+username: "poa"
+users:
+  - name: "{{ username }}"
+
 allow_validator_ssh: true
 allow_validator_p2p: true
+validator_archive: "off"
 
+GENESIS_NETWORK_NAME: "PoA"
+NODE_PWD: "node.pwd" # don't change this one
+MINING_KEYFILE: ""
+MINING_KEYPASS: ""
+MINING_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
+SCRIPTS_VALIDATOR_BRANCH: "mainnet"
+MAIN_REPO_FETCH: "poanetwork"
+BLK_GAS_LIMIT: "6700000"

roles/validator/meta/main.yml

@@ -1,6 +1,6 @@
 dependencies:
-  - { role: preconf }
   - { role: usermanager }
+  - { role: preconf }
   - { role: nodejs }
   - { role: poa-logrotate }
   - { role: poa-parity }

roles/validator/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Create node.toml
-  template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
+  template: src={{ item }}.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
   with_items:
    - node.toml
 
@@ -40,3 +40,11 @@
 
 - name: Install Payout task.
   template: src=transferRewardToPayoutKey.j2 dest=/etc/cron.hourly/transferRewardToPayoutKey owner=root group=root mode=0755
+  
+- name: Setup ufw firewall
+  import_tasks: ufw.yml
+  when: not ansible_bios_version | search("amazon")
+  
+- name: restart machine after setup
+  shell: shutdown -r 1
+  when: reboot_after_completion == true