poanetwork
/
deployment-playbooks
mirror of https://github.com/poanetwork/deployment-playbooks.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #2 from poanetwork/master 

Update
This commit is contained in:
Arsenii Petrovich 2018-07-04 02:31:13 +03:00 committed by GitHub
parent 51a270a868 3b360df6ab
commit 5bf233455b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
131 changed files with 1283 additions and 1242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -7,6 +7,12 @@ group_vars/validator
group_vars/netstat
group_vars/moc
roles/bootnode/vars/main.yml
roles/explorer/vars/main.yml
roles/validator/vars/main.yml
roles/netstat/vars/main.yml
roles/moc/vars/main.yml
hosts
.vagrant/*

1
Vagrantfile vendored
View File

@ -19,6 +19,7 @@ Vagrant.configure("2") do |config|
node.vm.hostname = machine
node.vm.provision :ansible do |ansible|
ansible.compatibility_mode = "2.0"
ansible.playbook = "site.yml"
ansible.groups = {
"validator" => ["validator"],

1
ansible.cfg
View File

@ -8,7 +8,6 @@ gathering = implicit
timeout = 10
host_key_checking = False
remote_user = root
ansible_managed = This file is managed by ansible
[ssh_connection]

16
aws/ansible.cfg Normal file
View File

@ -0,0 +1,16 @@
# config file for ansible -- http://ansible.com/
[defaults]
remote_tmp = $HOME/.ansible/tmp
forks = 20
gathering = implicit
# SSH timeout
timeout = 10
host_key_checking = False
remote_user = root
ansible_managed = This file is managed by ansible
[ssh_connection]
pipelining = True
scp_if_ssh = True

98
aws/bootnode.yml Normal file
View File

@ -0,0 +1,98 @@
---
- name: Create bootnode security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ bootnode_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: bootnode
- name: Create bootnode
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
id: "{{ bootnode_instance_name }}"
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ bootnode_instance_name }}"
group: "{{ bootnode_security_group }}"
instance_type: "{{ bootnode_instance_type }}"
image: "{{ image }}"
count: "{{ bootnode_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
when: ec2.changed
tags: bootnode
- name: Installing python
hosts: launched
gather_facts: False
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Create bootnode elastic ip
hosts: localhost
gather_facts: False
tasks:
- name: associate elastic ip for bootnode
ec2_eip:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
region: "{{ region }}"
reuse_existing_ip_allowed: yes
state: present
in_vpc: yes
device_id: "{{ ec2.instance_ids[0] }}"
register: instance_elastic_ip
when: associate_bootnode_elastic_ip == true
- debug: var=instance_elastic_ip.public_ip
when: associate_bootnode_elastic_ip == true
- name: EC2 access setup
hosts: bootnode
become: True
roles:
- bootnode-access

79
aws/explorer.yml Normal file
View File

@ -0,0 +1,79 @@
---
- name: Create explorer security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ explorer_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: explorer
- name: Create explorer
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
id: "{{ bootnode_instance_name }}"
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ explorer_instance_name }}"
group: "{{ explorer_security_group }}"
instance_type: "{{ explorer_instance_type }}"
image: "{{ image }}"
count: "{{ explorer_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
when: ec2.changed
tags: explorer
- name: Installing python
hosts: launched
gather_facts: False
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: EC2 access setup
hosts: explorer
become: True
roles:
- explorer-access

94
group_vars/all.network → aws/group_vars/all.yml.example
View File

@ -1,80 +1,62 @@
---
ansible_python_interpreter: /usr/bin/python3
ssh_root:
- "{{ lookup('file', 'files/admins.pub') }}"
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
image: "ami-0b383171"
region: "us-east-1"
vpc_subnet_id: "subnet-ID-number"
NODE_PWD: "node.pwd" # don't change this one
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
ORCHESTRATOR_BIN_LOC: ""
ORCHESTRATOR_BIN_SHA256: ""
SCRIPTS_MOC_BRANCH: "mainnet"
SCRIPTS_VALIDATOR_BRANCH: "mainnet"
MAIN_REPO_FETCH: "poanetwork"
GENESIS_BRANCH: "master"
GENESIS_NETWORK_NAME: "PoA"
MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
BLK_GAS_LIMIT: "6700000"
###Bootnode
#bootnode
bootnode_instance_type: "t2.large"
bootnode_instance_name: "bootnode"
bootnode_count_instances: "1"
bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security"
bootnode_archive: "off"
bootnode_orchestrator: "off"
#netstat
netstat_instance_type: "t2.large"
netstat_instance_name: "netstat"
netstat_count_instances: "1"
netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security"
associate_bootnode_elastic_ip: false
#validator
validator_instance_type: "t2.large"
validator_instance_name: "validator"
validator_count_instances: "1"
validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security"
validator_archive: "off"
#moc
moc_instance_type: "t2.large"
moc_instance_name: "moc"
moc_count_instances: "1"
moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security"
moc_archive: "off"
#explorer
explorer_instance_type: "t2.large"
explorer_instance_name: "explorer"
explorer_count_instances: "1"
explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security"
#restrict network access to instances
allow_bootnode_ssh: true
allow_bootnode_p2p: true
allow_bootnode_rpc: true
associate_bootnode_elastic_ip: false
allow_bootnode_rpc: false
###Explorer
explorer_instance_type: "t2.large"
explorer_instance_name: "explorer"
explorer_count_instances: "1"
explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security"
allow_explorer_ssh: true
allow_explorer_p2p: true
allow_explorer_http: true
allow_moc_ssh: true
allow_moc_p2p: true
allow_netstat_ssh: true
allow_netstat_http: true
###Moc
allow_validator_ssh: true
allow_validator_p2p: true
moc_instance_type: "t2.large"
moc_instance_name: "moc"
moc_count_instances: "1"
moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security"
###Netstat
netstat_instance_type: "t2.large"
netstat_instance_name: "netstat"
netstat_count_instances: "1"
netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security"
###Validator
validator_instance_type: "t2.large"
validator_instance_name: "validator"
validator_count_instances: "1"
validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security"
associate_validator_elastic_ip: false
################################################################

79
aws/moc.yml Normal file
View File

@ -0,0 +1,79 @@
---
- name: Create moc security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ moc_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: moc
- name: Create moc
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
id: "{{ bootnode_instance_name }}"
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ moc_instance_name }}"
group: "{{ moc_security_group }}"
instance_type: "{{ moc_instance_type }}"
image: "{{ image }}"
count: "{{ moc_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
when: ec2.changed
tags: moc
- name: Installing python
hosts: launched
gather_facts: False
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: EC2 access setup
hosts: moc
become: True
roles:
- moc-access

79
aws/netstat.yml Normal file
View File

@ -0,0 +1,79 @@
---
- name: Create netstat security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ netstat_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: netstat
- name: Create netstat
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
id: "{{ bootnode_instance_name }}"
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ netstat_instance_name }}"
group: "{{ netstat_security_group }}"
instance_type: "{{ netstat_instance_type }}"
image: "{{ image }}"
count: "{{ netstat_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
when: ec2.changed
tags: netstat
- name: Installing python
hosts: launched
gather_facts: False
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: EC2 access setup
hosts: netstat
become: True
roles:
- netstat-access

0
roles/bootnode-access/tasks/ec2.yml → aws/roles/bootnode-access/tasks/ec2.yml
View File

4
aws/roles/bootnode-access/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version is search("amazon")

0
roles/explorer-access/tasks/ec2.yml → aws/roles/explorer-access/tasks/ec2.yml
View File

4
aws/roles/explorer-access/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version is search("amazon")

0
roles/moc-access/tasks/ec2.yml → aws/roles/moc-access/tasks/ec2.yml
View File

4
aws/roles/moc-access/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version is search("amazon")

0
roles/netstat-access/tasks/ec2.yml → aws/roles/netstat-access/tasks/ec2.yml
View File

4
aws/roles/netstat-access/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version is search("amazon")

0
roles/validator-access/tasks/ec2.yml → aws/roles/validator-access/tasks/ec2.yml
View File

4
aws/roles/validator-access/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version is search("amazon")

19
aws/site.yml Normal file
View File

@ -0,0 +1,19 @@
- name: Bootnode deployment
import_playbook: bootnode.yml
tags: bootnode
- name: Explorer deployment
import_playbook: explorer.yml
tags: explorer
- name: Moc deployment
import_playbook: moc.yml
tags: moc
- name: Netstat deployment
import_playbook: netstat.yml
tags: netstat
- name: Validator deployment
import_playbook: validator.yml
tags: validator

98
aws/validator.yml Normal file
View File

@ -0,0 +1,98 @@
---
- name: Create validator security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ validator_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: validator
- name: Create validator
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
id: "{{ bootnode_instance_name }}"
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ validator_instance_name }}"
group: "{{ validator_security_group }}"
instance_type: "{{ validator_instance_type }}"
image: "{{ image }}"
count: "{{ validator_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
when: ec2.changed
tags: validator
- name: Installing python
hosts: launched
gather_facts: False
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Create validator elastic ip
hosts: localhost
gather_facts: False
tasks:
- name: associate elastic ip for validator
ec2_eip:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
region: "{{ region }}"
reuse_existing_ip_allowed: yes
state: present
in_vpc: yes
device_id: "{{ ec2.instance_ids[0] }}"
register: instance_elastic_ip
when: associate_validator_elastic_ip == true
- debug: var=instance_elastic_ip.public_ip
when: associate_validator_elastic_ip == true
- name: EC2 access setup
hosts: validator
become: True
roles:
- validator-access

105
bootnode.yml
View File

@ -1,105 +1,4 @@
---
- name: Create bootnode security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ bootnode_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: bootnode
- name: Create bootnode
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ bootnode_instance_name }}"
group: "{{ bootnode_security_group }}"
instance_type: "{{ bootnode_instance_type }}"
image: "{{ image }}"
count: "{{ bootnode_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
tags: bootnode
- name: Installing python
hosts: all
hosts: launched
gather_facts: False
user: ubuntu
- hosts: bootnode
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Configure instance(s)
hosts: launched
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
gather_facts: True
roles:
- preconf
tags: preconf
tasks:
- name: restart machine after setup
shell: shutdown -r 1
- name: Create bootnode elastic ip
hosts: localhost
gather_facts: False
tasks:
- name: associate elastic ip for bootnode
ec2_eip:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
region: "{{ region }}"
reuse_existing_ip_allowed: yes
state: present
in_vpc: yes
device_id: "{{ ec2.instance_ids[0] }}"
register: instance_elastic_ip
when: associate_bootnode_elastic_ip == true
- debug: var=instance_elastic_ip.public_ip
when: associate_bootnode_elastic_ip == true
- bootnode

86
explorer.yml
View File

@ -1,86 +1,4 @@
---
- name: Create explorer security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ explorer_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: explorer
- name: Create explorer
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ explorer_instance_name }}"
group: "{{ explorer_security_group }}"
instance_type: "{{ explorer_instance_type }}"
image: "{{ image }}"
count: "{{ explorer_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
tags: explorer
- name: Installing python
hosts: all
hosts: launched
gather_facts: False
user: ubuntu
- hosts: explorer
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Configure instance(s)
hosts: launched
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
gather_facts: True
roles:
- preconf
tags: preconf
tasks:
- name: restart machine after setup
shell: shutdown -r 1
- explorer

102
group_vars/all.example
View File

@ -1,102 +0,0 @@
### This file is used as a reference only and contains all possible options for all roles.
### Values set in this file are used for illustration only.
###
### To connect to an actual network, please follow instructions provided to you
### on how to generate a valid `group_vars/all` file for the network.
###
---
ssh_root:
- "{{ lookup('file', 'files/admins.pub') }}"
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
image: "ami-0b383171"
region: "us-east-1"
vpc_subnet_id: "subnet-ID-number"
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
NETSTATS_SERVER: "INSERT SERVERNAME"
NETSTATS_SECRET: "INSERT SECRET"
MINING_KEYFILE: "INSERT HERE"
MINING_ADDRESS: "INSERT HERE"
MINING_KEYPASS: "INSERT HERE"
MAIN_REPO_FETCH: "poanetwork"
GENESIS_BRANCH: "master"
GENESIS_NETWORK_NAME: "PoANetwork"
MOC_ADDRESS: "INSERT HERE"
MOC_KEYPASS: "INSERT HERE"
MOC_KEYFILE: "INSERT HERE"
SCRIPTS_MOC_BRANCH: "master"
SCRIPTS_VALIDATOR_BRANCH: "master"
BLK_GAS_LIMIT: "6700000"
NODE_PWD: "node.pwd"
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
ORCHESTRATOR_BIN_LOC: ""
ORCHESTRATOR_BIN_SHA256: ""
#bootnode
bootnode_instance_type: "t2.large"
bootnode_instance_name: "bootnode"
bootnode_count_instances: "1"
bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security"
bootnode_archive: "off"
bootnode_orchestrator: "off"
#netstat
netstat_instance_type: "t2.large"
netstat_instance_name: "netstat"
netstat_count_instances: "1"
netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security"
#validator
validator_instance_type: "t2.large"
validator_instance_name: "validator"
validator_count_instances: "1"
validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security"
validator_archive: "off"
#moc
moc_instance_type: "t2.large"
moc_instance_name: "moc"
moc_count_instances: "1"
moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security"
moc_archive: "off"
#explorer
explorer_instance_type: "t2.large"
explorer_instance_name: "explorer"
explorer_count_instances: "1"
explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security"
#restrict network access to instances
allow_bootnode_ssh: true
allow_bootnode_p2p: true
allow_bootnode_rpc: true
associate_bootnode_elastic_ip: false
allow_explorer_ssh: true
allow_explorer_p2p: true
allow_explorer_http: true
allow_moc_ssh: true
allow_moc_p2p: true
allow_netstat_ssh: true
allow_netstat_http: true
allow_validator_ssh: true
allow_validator_p2p: true
associate_validator_elastic_ip: false

187
group_vars/all.yml.example Normal file
View File

@ -0,0 +1,187 @@
### This file is used as a reference only and contains all possible options for all roles.
### Values set in this file are used for illustration only.
###
### To connect to an actual network, please follow instructions provided to you
### on how to generate a valid `group_vars/` files for the network.
###
---
###The following variables are network-wide. They should be kept at all.yml file.
#Block gas limit
BLK_GAS_LIMIT: "6700000"
#github branch that store genesis file (aka genesis.json, spec.json, chain.json, ...)
GENESIS_BRANCH: "master"
#NetworkName as specified in genesis file
GENESIS_NETWORK_NAME: "PoANetwork"
#github account from which all repositories will be downloaded
MAIN_REPO_FETCH: "poanetwork"
#Hex-encoded address, including 0x prefix. For moc role it is used as mining key, for other nodes is used in other scripts.
MOC_ADDRESS: "INSERT HERE"
#name of the file to store password. Should not be changed
NODE_PWD: "node.pwd"
#url of the nodejs deb package to use, most importantly - version number
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
#url and sha256 checksum of the parity-orchestrator binary file
ORCHESTRATOR_BIN_LOC: ""
ORCHESTRATOR_BIN_SHA256: ""
#url and sha256 checksum of the parity binary file
PARITY_BIN_LOC: "https://s3.us-east-2.amazonaws.com/poa-builds-parity-published/1.10.6/parity"
PARITY_BIN_SHA256: "539f4788fbd605a9cd87b5bf747b27ae05b8a4080b26aa3da645b0446fa9f9cc"
#branch of poa-scripts-moc and poa-scripts-validator to use
SCRIPTS_MOC_BRANCH: "master"
SCRIPTS_VALIDATOR_BRANCH: "master"
#Explicitly specifies method of privilege escalation
become_method: sudo
###The following variables are node-specific. They should be kept in group_vars/<node>.yml set of files. Alternatively they can be specifed at <role>/vars/main.yml file.
##These variables are used in each role and usually propagated to the dependent roles. By default they are different for each role and it's highly recommended not to use single for multiple roles, escpecially when they are installed on the same machine.
#Should playbook install ufw firewall to the nodes or not.
install_firewall: true
#Which user will be used to connect to VMs
#ansible_user: ubuntu
#Choose if to install debug tools
install_debug_tools: "no"
#User's name and directory, which will be used to execute role from.
#username: "<role>"
#users:
# - name: "{{ username }}"
#home: "/home/{{ username }}"
#Path to the public SSH key that will be installed to the service user.
install_keys_to_service_user: true
#Relative or absolute path to the file.
key_name: "id_rsa.pub"
#Node's descriptive name
#NODE_FULLNAME: "INSERT NODENAME"
#Node owner's email
#NODE_ADMIN_EMAIL: "INSERT@EMAIL"
#If this variable is set to "True" all the VMs will be rebooted after setup.
reboot_after_completion: false
#Path to spec.json file. If no file provided, spec.json will be downloaded from GitHub
spec_json: ""
#Path to bootnodes.txt. Must be provided if spec_json specified
bootnodes_txt: ""
##Bootnode-related variables.
#Specifies whether or not to keep port 22 opened to allow ssh access
allow_bootnode_ssh: true
#Specifies whether or not to keep port 30303 opened to allow peer discovery
allow_bootnode_p2p: true
#Specifies whether or not to keep port 8545 opened to allow rpc on this port
allow_bootnode_rpc: false
#Specifies whether or not this node should be created with additional parameters to work as archive
bootnode_archive: "off"
#Specifies whether or not parity-orchestrator should be installed on this node and parity configured to use whisper
bootnode_orchestrator: "off"
##Explorer-related variables
#Specifies whether or not to keep port 22 opened to allow ssh access
allow_explorer_ssh: true
#Specifies whether or not to keep port 30303 opened to allow peer discovery
allow_explorer_p2p: true
#Specifies whether or not to keep port 8545 opened to allow rpc on this port
allow_explorer_http: true
#Explicitly specifies the explorer version to use
explorer_version: "acee07c"
##Moc-related variables
#Specifies whether or not this node should be created with additional parameters to work as archive
moc_archive: "off"
##Netstat-related variables
##Validator-related variables
#Specifies whether or not to keep port 22 opened to allow ssh access
allow_validator_ssh: true
#Specifies whether or not to keep port 30303 opened to allow peer discovery
allow_validator_p2p: true
#Specifies whether or not this node should be created with additional parameters to work as archive
validator_archive: "off"
##Nginx-related variables (subrole)
#If this variable is set to true script will modify sysctl.conf and configure additional tcp settings.
configure_extended_tcp_settings: false
#Setup extended nginx headers. Used in bootnode, explorer and netstat roles.
nginx_headers: "on"
#Setup which proxy port should be used in nginx. Used in bootnode, explorer and netstat roles.
PROXY_PORT: "8545"
##poa-netstats-related variables (subrole)
#Explicitly specified api version to use
api_version: "9773b5b"
##poa-parity-related variables (subrole)
#This variables are intended to be set up if you want to run sub role explicitly.
#validator_archive: "off"
#bootnode_archive: "off"
#moc_archive: "off"
#bootnode_orchestrator: "off"
###Those variables are intended to be specified by users. They don't have any reasonable defaults. Those variables should be specified at group_vars/<role> folder or at <role>/vars/main.yml.
#Validator's mining keyfile content (json string)
#MINING_KEYFILE: "INSERT HERE"
#Validator's mining key address
#MINING_ADDRESS: "INSERT HERE"
#Validator's mining key password
#MINING_KEYPASS: "INSERT HERE"
#Master of Ceremony's account password
#MOC_KEYPASS: "INSERT HERE"
#Master of Ceremony's account keyfile
#MOC_KEYFILE: "INSERT HERE"
#Secret code to join netstats. Important: For netstats role this option sets the password of the netstats. Master of Ceremony later provides it to other nodes.
#NETSTATS_SECRET: "INSERT HERE"
#URL of netstats server. Should be provided to users by Master of Ceremony
#NETSTATS_SERVER: "INSERT HERE"
#Node owner's email. Publicly visible in netstats
#NODE_ADMIN_EMAIL: "INSERT HERE"
#Node's descriptive name. Publicly visible in netstats
#NODE_FULLNAME: "INSERT HERE"

26
group_vars/all.yml.network Normal file
View File

@ -0,0 +1,26 @@
---
become_method: sudo
ansible_user: ubuntu
ansible_python_interpreter: /usr/bin/python3
image: "ami-0b383171"
region: "us-east-1"
NODE_PWD: "node.pwd" # don't change this one
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
PARITY_BIN_LOC: "https://s3.us-east-2.amazonaws.com/poa-builds-parity-published/1.10.6/parity"
PARITY_BIN_SHA256: "539f4788fbd605a9cd87b5bf747b27ae05b8a4080b26aa3da645b0446fa9f9cc"
ORCHESTRATOR_BIN_LOC: ""
ORCHESTRATOR_BIN_SHA256: ""
SCRIPTS_MOC_BRANCH: "mainnet"
SCRIPTS_VALIDATOR_BRANCH: "mainnet"
MAIN_REPO_FETCH: "poanetwork"
GENESIS_BRANCH: "master"
GENESIS_NETWORK_NAME: "PoA"
MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
BLK_GAS_LIMIT: "6700000"

11
group_vars/bootnode.example
View File

@ -1,11 +0,0 @@
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
vpc_subnet_id: "subnet-ID-number"
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
NETSTATS_SERVER: "INSERT FULL URL"
NETSTATS_SECRET: "INSERT SECRET"

21
group_vars/bootnode.yml.example Normal file
View File

@ -0,0 +1,21 @@
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
NETSTATS_SERVER: "INSERT FULL URL"
NETSTATS_SECRET: "INSERT SECRET"
username: "bootnode"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
nginx_headers: "on"
PROXY_PORT: "8545"
configure_extended_tcp_settings: false
bootnode_archive: "off"
bootnode_orchestrator: "off"
install_debug_tools: "yes"
reboot_after_completion: false

5
group_vars/explorer.example
View File

@ -1,5 +0,0 @@
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
vpc_subnet_id: "subnet-ID-number"

11
group_vars/explorer.yml.example Normal file
View File

@ -0,0 +1,11 @@
username: "explorer"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
nginx_headers: "off"
PROXY_PORT: "3000"
configure_extended_tcp_settings: false
install_debug_tools: "yes"
reboot_after_completion: false

16
group_vars/moc.example → group_vars/moc.yml.example
View File

@ -1,9 +1,3 @@
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
vpc_subnet_id: "subnet-ID-number"
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
@ -12,3 +6,13 @@ NETSTATS_SECRET: "INSERT SECRET"
MOC_KEYPASS: "INSERT HERE"
MOC_KEYFILE: 'INSERT HERE'
username: "moc"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
moc_archive: "off"
install_debug_tools: "yes"
reboot_after_completion: false

10
group_vars/netstat.example
View File

@ -1,10 +0,0 @@
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
vpc_subnet_id: "subnet-ID-number"
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
NETSTATS_SECRET: "INSERT SECRET"

17
group_vars/netstat.yml.example Normal file
View File

@ -0,0 +1,17 @@
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
NETSTATS_SECRET: "INSERT SECRET"
username: "netstat"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
configure_extended_tcp_settings: false
nginx_headers: "off"
PROXY_PORT: "3000"
NETSTATS_SERVER: "http://localhost:3000"
install_debug_tools: "yes"
reboot_after_completion: false

16
group_vars/validator.example → group_vars/validator.yml.example
View File

@ -1,9 +1,3 @@
access_key: "INSERT KEY HERE"
secret_key: "INSERT SECRET HERE"
awskeypair_name: "keypairname"
vpc_subnet_id: "subnet-ID-number"
NODE_FULLNAME: "INSERT NODENAME"
NODE_ADMIN_EMAIL: "INSERT@EMAIL"
@ -13,3 +7,13 @@ NETSTATS_SECRET: "INSERT SECRET"
MINING_KEYFILE: 'INSERT HERE'
MINING_ADDRESS: "INSERT HERE"
MINING_KEYPASS: "INSERT HERE"
username: "validator"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
validator_archive: "off"
install_debug_tools: "yes"
reboot_after_completion: false

2
hosts.example
View File

@ -23,4 +23,4 @@ bootnode
moc
netstat
validator
explorer
explorer

86
moc.yml
View File

@ -1,86 +1,4 @@
---
- name: Create moc security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ moc_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: moc
- name: Create moc
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ moc_instance_name }}"
group: "{{ moc_security_group }}"
instance_type: "{{ moc_instance_type }}"
image: "{{ image }}"
count: "{{ moc_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
tags: moc
- name: Installing python
hosts: all
hosts: launched
gather_facts: False
user: ubuntu
- hosts: moc
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Configure instance(s)
hosts: launched
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
gather_facts: True
roles:
- preconf
tags: preconf
tasks:
- name: restart machine after setup
shell: shutdown -r 1
- moc

86
netstat.yml
View File

@ -1,86 +1,4 @@
---
- name: Create netstat security group
hosts: localhost
gather_facts: False
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ netstat_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: netstat
- name: Create netstat
hosts: localhost
gather_facts: False
vars:
volumes:
- device_name: /dev/sda1
volume_size: 128
delete_on_termination: true
tasks:
- name: Launch instance
ec2:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
Name: "{{ netstat_instance_name }}"
group: "{{ netstat_security_group }}"
instance_type: "{{ netstat_instance_type }}"
image: "{{ image }}"
count: "{{ netstat_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2
- name: Add new instance to host group
add_host: hostname={{ item.public_ip }} groupname=launched
with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up
wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started
with_items: "{{ ec2.instances }}"
tags: netstat
- name: Installing python
hosts: all
hosts: launched
gather_facts: False
user: ubuntu
- hosts: netstat
become: True
vars:
ansible_ssh_port: 22
tasks:
- name: Install python
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal)
- name: Configure instance(s)
hosts: launched
user: ubuntu
become: True
vars:
ansible_ssh_port: 22
gather_facts: True
roles:
- preconf
tags: preconf
tasks:
- name: restart machine after setup
shell: shutdown -r 1
- netstat

8
roles/bootnode-access/tasks/main.yml
View File

@ -1,8 +0,0 @@
---
- name: Setup ufw firewall
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")

18
roles/bootnode/defaults/main.yml
View File

@ -1,14 +1,20 @@
---
username: "bootnode"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
nginx_headers: "on"
PROXY_PORT: "8545"
user: ubuntu
allow_bootnode_ssh: true
allow_bootnode_p2p: true
allow_bootnode_rpc: false
username: "bootnode"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
bootnode_archive: "off"
bootnode_orchestrator: "off"
parity_api: "off"
reboot_after_completion: false
install_debug_tools: "no"
install_firewall: true

0
roles/bootnode-access/handlers/main.yml → roles/bootnode/handlers/main.yml
View File

11
roles/bootnode/meta/main.yml Normal file
View File

@ -0,0 +1,11 @@
dependencies:
- { role: usermanager }
- { role: preconf }
- { role: nodejs }
- { role: poa-logrotate }
- { role: poa-parity }
- { role: poa-pm2 }
- { role: poa-netstats }
- { role: poa-orchestrator, when: "(bootnode_orchestrator or 'off') == 'on'" }
- { role: nginx }
- { role: debug-tools, when: "install_debug_tools == 'yes'" }

33
roles/bootnode/tasks/main.yml
View File

@ -1,29 +1,14 @@
---
- name: Create directory parity_data/keys/NetworkName
file:
path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}"
state: directory
mode: 0700
owner: "{{ username }}"
group: "{{ username }}"
- name: Create logs directories
file:
path: "/{{ home }}/logs/old"
state: directory
mode: 0755
owner: "{{ username }}"
group: "{{ username }}"
- name: Download spec.json
get_url: url={{ item }} dest={{ home }}/ mode=0644
with_items:
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json"
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt"
- name: Create node.toml
template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
with_items:
- node.toml
template: src=node.toml.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
- name: Setup ufw firewall
import_tasks: ufw.yml
when: install_firewall
- name: restart machine after setup
shell: shutdown -r 1
when: reboot_after_completion == true
#- file: path={{ home }} owner={{ username }} group={{ username }} recurse=yes

12
roles/bootnode-access/tasks/ufw.yml → roles/bootnode/tasks/ufw.yml
View File

@ -17,24 +17,18 @@
- restart ufw
- name: Add ufw ssh access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '22', proto: 'tcp' }
ufw: rule='allow' port='22' proto='tcp'
notify:
- restart ufw
when: allow_bootnode_ssh == true
- name: Add ufw https access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '443', proto: 'tcp' }
ufw: rule='allow' port='443' proto='tcp'
notify:
- restart ufw
- name: Add ufw rpc access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '8545', proto: 'tcp' }
ufw: rule='allow' port='8545' proto='tcp'
notify:
- restart ufw
when: allow_bootnode_rpc == true

5
roles/bootnode/templates/node.toml.j2
View File

@ -17,16 +17,13 @@ allow_ips = "public"
[rpc]
#apis = ["web3", "eth", "parity", "parity_set", "net", "traces", "rpc"]
apis = ["web3","eth","net" {{ ', "parity", "parity_set", "shh"' if bootnode_orchestrator|default("off") == "on" else '' }}]
apis = ["web3","eth","net"{{', "parity"' if (bootnode_orchestrator|default("off") == "on" or parity_api|default("off") == "on") else ''}}{{', "parity_set", "shh"' if bootnode_orchestrator|default("off") == "on" else ''}}]
processing_threads = 4
cors=["all"]
[ui]
disable = true
[dapps]
disable = true
{% if bootnode_archive|default("off") == "on" %}
[snapshots]
disable_periodic = false

0
roles/bootnode/vars/main.yml.example Normal file
View File

23
roles/debug-tools/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
### Install debug packages
- name: Install packages
apt: name={{ item }} state=present update_cache=yes
with_items:
- bc
- cloud-utils
- dstat
- htop
- iotop
- lbzip2
- mc
- mtr
- net-tools
- nload
- pigz
- rsync
- screen
- sysstat
- tcpdump
- unzip
- zip

8
roles/explorer-access/tasks/main.yml
View File

@ -1,8 +0,0 @@
---
- name: Setup ufw firewall
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")

22
roles/explorer/defaults/main.yml
View File

@ -1,12 +1,24 @@
username: "explorer"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
---
user: ubuntu
allow_explorer_ssh: true
allow_explorer_p2p: true
allow_explorer_http: true
username: "explorer"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
nginx_headers: "off"
PROXY_PORT: "3000"
explorerS_SERVER: "localhost"
MAIN_REPO_FETCH: "poanetwork"
MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
explorer_version: "acee07c"
reboot_after_completion: false
install_debug_tools: "no"
install_firewall: true

3
roles/explorer/handlers/main.yml
View File

@ -1,3 +1,6 @@
---
- name: restart poa-chain-explorer
service: name=poa-chain-explorer state=restarted
- name: restart ufw
service: name=ufw state=restarted

9
roles/explorer/meta/main.yml Normal file
View File

@ -0,0 +1,9 @@
dependencies:
- { role: usermanager }
- { role: preconf }
- { role: nodejs }
- { role: poa-logrotate }
- { role: poa-parity }
- { role: poa-pm2 }
- { role: nginx }
- { role: debug-tools, when: "install_debug_tools == 'yes'" }

36
roles/explorer/tasks/main.yml
View File

@ -1,30 +1,7 @@
---
- name: Create directory parity_data/keys/NetworkName
file:
path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}"
state: directory
mode: 0700
owner: "{{ username }}"
group: "{{ username }}"
- name: Create logs directories
file:
path: "/{{ home }}/logs/old"
state: directory
mode: 0755
owner: "{{ username }}"
group: "{{ username }}"
- name: Download spec.json
get_url: url={{ item }} dest={{ home }}/ mode=0644
with_items:
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json"
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt"
- name: Create node.toml
template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
with_items:
- node.toml
template: src=node.toml.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
- name: Clone poanetworks/chain-explorer repo from GitHub
git:
@ -42,7 +19,7 @@
- name: install npm chain_explorer
npm:
path: "/home/{{ username }}/chain-explorer"
path: "{{ home }}//chain-explorer"
become: true
become_user: "{{ username }}"
notify:
@ -60,3 +37,12 @@
- name: Ensure poa-chain-explorer is running and enabled to start at boot
service: name=poa-chain-explorer state=started enabled=yes
- name: Setup ufw firewall
import_tasks: ufw.yml
when: install_firewall
- name: restart machine after setup
shell: shutdown -r 1
when: reboot_after_completion == true

12
roles/explorer-access/tasks/ufw.yml → roles/explorer/tasks/ufw.yml
View File

@ -17,17 +17,13 @@
- restart ufw
- name: Add ufw ssh access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '22', proto: 'tcp' }
ufw: rule='allow' port='22' proto='tcp'
notify:
- restart ufw
when: allow_explorer_ssh == true
- name: Add ufw https access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '443', proto: 'tcp' }
ufw: rule='allow' port='443' proto='tcp'
notify:
- restart ufw
@ -41,9 +37,7 @@
when: allow_explorer_p2p == true
- name: Add ufw http-3000 access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '3000', proto: 'tcp' }
ufw: rule='allow' port='3000' proto='tcp'
notify:
- restart ufw
when: allow_explorer_http == true

4
roles/explorer/templates/app.json.j2
View File

@ -3,8 +3,8 @@
"name" : "explorer",
"script" : "./bin/www",
"log_date_format" : "YYYY-MM-DD HH:mm:SS Z",
"error_file" : "/home/{{ username }}/logs/explorer.err",
"out_file" : "/home/{{ username }}/logs/explorer.out",
"error_file" : "{{ home }}/logs/explorer.err",
"out_file" : "{{ home }}/logs/explorer.out",
"merge_logs" : false,
"watch" : false,
"max_restarts" : 100,

2
roles/explorer/templates/config.js.j2
View File

@ -2,7 +2,7 @@ var web3 = require('web3');
var net = require('net');
var config = function () {
this.logFormat = "combined";
this.ipcPath = "/home/{{ username }}/parity_data/jsonrpc.ipc";
this.ipcPath = "{{ home }}/parity_data/jsonrpc.ipc";
this.provider = new web3.providers.IpcProvider(this.ipcPath, net);
this.bootstrapUrl = "https://maxcdn.bootstrapcdn.com/bootswatch/3.3.7/yeti/bootstrap.min.css";
this.names = {

3
roles/explorer/templates/poa-chain-explorer.j2
View File

@ -6,8 +6,7 @@ Type=oneshot
RemainAfterExit=true
User={{ username }}
Group={{ username }}
Environment=MYVAR=myval
WorkingDirectory=/home/{{ username }}/chain-explorer
WorkingDirectory={{ home }}/chain-explorer
ExecStart=/usr/bin/pm2 startOrRestart app.json
[Install]
WantedBy=multi-user.target

1
roles/explorer/vars/main.yml
View File

@ -1 +0,0 @@
explorer_version: "acee07c"

1
roles/explorer/vars/main.yml.example Normal file
View File

@ -0,0 +1 @@
explorer_version: "acee07c"

3
roles/logentries/handlers/main.yml
View File

@ -1,3 +0,0 @@
---
- name: restart logentries
service: name=logentries state=restarted

47
roles/logentries/tasks/main.yml
View File

@ -1,47 +0,0 @@
---
- name: Add logentries repository
apt_repository:
repo: 'deb http://rep.logentries.com/ {{ansible_distribution_release}} main'
state: present
filename: logentries
- name: add repository key
apt_key:
keyserver: pgp.mit.edu
id: A5270289C43C79AD
state: present
- name: Install logentries packages
apt: name={{ item }} state=present update_cache=yes
with_items:
- logentries
- logentries-daemon
- python-setproctitle
- name: connect logentries account
shell: le reinit --user-key={{ logentries_user_key }}
notify:
- restart logentries
- name: deactivate pull-server-side-config
lineinfile:
dest: /etc/le/config
regexp: "pull-server-side-config = "
line: "pull-server-side-config = False"
notify:
- restart logentries
- name: create config folder
file:
path: /etc/le/conf.d
state: directory
mode: 0755
- name: deploy config logentries
template: src=logentries.j2 dest=/etc/le/conf.d/{{ GENESIS_BRANCH }}.conf
notify:
- restart logentries
- name: Ensure logentries is running and enabled to start at boot
service: name=logentries state=started enabled=yes

33
roles/logentries/templates/logentries.j2
View File

@ -1,33 +0,0 @@
[install_err]
path = /var/lib/waagent/custom-script/download/0/stderr
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[install_out]
path = /var/lib/waagent/custom-script/download/0/stdout
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[dashboard_err]
path = {{ logsprefix }}/dashboard.err
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[dashboard_out]
path = {{ logsprefix }}/dashboard.out
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[parity_log]
path = {{ logsprefix }}/parity.log
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[parity_err]
path = {{ logsprefix }}/parity.err
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[parity_out]
path = {{ logsprefix }}/parity.out
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[netstats_daemon_err]
path = {{ logsprefix }}/netstats_daemon.err
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[netstats_daemon_out]
path = {{ logsprefix }}/netstats_daemon.out
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[explorer_err]
path = {{ logsprefix }}/explorer.err
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}
[explorer_out]
path = {{ logsprefix }}/explorer.out
destination = {{ GENESIS_BRANCH }}/{{ ansible_host }}

3
roles/moc-access/handlers/main.yml
View File

@ -1,3 +0,0 @@
---
- name: restart ufw
service: name=ufw state=restarted

8
roles/moc-access/tasks/main.yml
View File

@ -1,8 +0,0 @@
---
- name: Setup ufw firewall
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")

30
roles/moc/defaults/main.yml
View File

@ -1,8 +1,34 @@
---
user: ubuntu
allow_moc_ssh: true
allow_moc_p2p: true
NODE_FULLNAME: "moc"
NODE_ADMIN_EMAIL: ""
NODE_PWD: "node.pwd" # don't change this one
NETSTATS_SERVER: ""
NETSTATS_SECRET: ""
MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126"
MOC_KEYPASS: ""
MOC_KEYFILE: ""
SCRIPTS_MOC_BRANCH: "master"
GENESIS_NETWORK_NAME: "PoA"
MAIN_REPO_FETCH: "poanetwork"
BLK_GAS_LIMIT: "6700000"
username: "moc"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
allow_moc_ssh: true
allow_moc_p2p: true
moc_archive: "off"
reboot_after_completion: false
install_debug_tools: "no"
install_firewall: true

0
roles/explorer-access/handlers/main.yml → roles/moc/handlers/main.yml
View File

9
roles/moc/meta/main.yml Normal file
View File

@ -0,0 +1,9 @@
dependencies:
- { role: usermanager }
- { role: preconf }
- { role: nodejs }
- { role: poa-logrotate }
- { role: poa-parity }
- { role: poa-pm2 }
- { role: poa-netstats }
- { role: debug-tools, when: "install_debug_tools == 'yes'" }

36
roles/moc/tasks/main.yml
View File

@ -1,30 +1,7 @@
---
- name: Create directory parity_data/keys/NetworkName
file:
path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}"
state: directory
mode: 0700
owner: "{{ username }}"
group: "{{ username }}"
- name: Create logs directories
file:
path: "/{{ home }}/logs/old"
state: directory
mode: 0755
owner: "{{ username }}"
group: "{{ username }}"
- name: Download spec.json
get_url: url={{ item }} dest={{ home }}/ mode=0644
with_items:
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json"
- "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt"
- name: Create node.toml
template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644
with_items:
- node.toml
template: src=node.toml.j2 dest={{ home }}/node.toml owner={{ username }} group={{ username }} mode=0644
- name: Install {{ NODE_PWD }} file
template: src=node_pwd.j2 dest={{ home }}/{{ NODE_PWD }} owner={{ username }} group={{ username }} mode=0600
@ -39,10 +16,11 @@
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-moc"
dest: "{{ home }}/poa-scripts-moc"
version: "{{ SCRIPTS_MOC_BRANCH }}"
force: yes
- name: Change owner and group of poa-scripts-moc file
file: path={{ home }}/poa-scripts-moc owner={{ username }} group={{ username }} recurse=yes
- name: install npm initial_keys_script
npm:
path: "{{ home }}/poa-scripts-moc"
@ -60,3 +38,11 @@
path: "{{ home }}/poa-scripts-moc/distributeTokens"
become: true
become_user: "{{ username }}"
- name: Setup ufw firewall
import_tasks: ufw.yml
when: install_firewall
- name: restart machine after setup
shell: shutdown -r 1
when: reboot_after_completion == true

4
roles/moc-access/tasks/ufw.yml → roles/moc/tasks/ufw.yml
View File

@ -17,9 +17,7 @@
- restart ufw
- name: Add ufw ssh access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '22', proto: 'tcp' }
ufw: rule='allow' port='22' proto='tcp'
notify:
- restart ufw
when: allow_moc_ssh == true

0
roles/moc/vars/main.yml.example Normal file
View File

3
roles/netstat-access/handlers/main.yml
View File

@ -1,3 +0,0 @@
---
- name: restart ufw
service: name=ufw state=restarted

8
roles/netstat-access/tasks/main.yml
View File

@ -1,8 +0,0 @@
---
- name: Setup ufw firewall
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")

23
roles/netstat/defaults/main.yml
View File

@ -1,12 +1,27 @@
---
user: ubuntu
allow_netstat_ssh: true
allow_netstat_http: true
netstat_version: "cb431d6"
NETSTATS_SERVER: "http://localhost:3000"
NETSTATS_SECRET: ""
MAIN_REPO_FETCH: "poanetwork"
NODE_FULLNAME: "netstat"
NODE_ADMIN_EMAIL: ""
username: "netstat"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"
allow_netstat_ssh: true
allow_netstat_http: true
nginx_headers: "off"
PROXY_PORT: "3000"
NETSTATS_SERVER: "http://localhost:3000"
reboot_after_completion: false
install_debug_tools: "no"
install_firewall: true

3
roles/netstat/handlers/main.yml
View File

@ -1,3 +1,6 @@
---
- name: restart poa-dashboard
service: name=poa-dashboard state=restarted
- name: restart ufw
service: name=ufw state=restarted

7
roles/netstat/meta/main.yml Normal file
View File

@ -0,0 +1,7 @@
dependencies:
- { role: usermanager }
- { role: preconf }
- { role: nodejs }
- { role: poa-logrotate }
- { role: nginx }
- { role: debug-tools, when: "install_debug_tools == 'yes'" }

25
roles/netstat/tasks/main.yml
View File

@ -1,11 +1,4 @@
---
- name: Create logs directories
file:
path: "/{{ home }}/logs/old"
state: directory
mode: 0755
owner: "{{ username }}"
group: "{{ username }}"
- name: Clone poanetworks/eth-netstats repo from GitHub
git:
@ -18,7 +11,7 @@
- name: install npm netstats
npm:
path: "/home/{{ username }}/eth-netstats"
path: "{{ home }}/eth-netstats"
become: true
become_user: "{{ username }}"
notify:
@ -30,23 +23,31 @@
global: yes
- name: run grunt process
shell: "cd /home/{{ username }}/eth-netstats; grunt"
shell: "cd {{ home }}/eth-netstats; grunt"
become: true
become_user: "{{ username }}"
args:
creates: "/home/{{ username }}/dist"
creates: "{{ home }}/dist"
- name: Config ws_secret.json file
copy:
content: '["{{ NETSTATS_SECRET }}"]'
dest: "/home/{{ username }}/eth-netstats/ws_secret.json"
dest: "{{ home }}/eth-netstats/ws_secret.json"
notify:
- restart poa-dashboard
- name: Install poa-dashboard service
template: src=poa-dashboard.j2 dest=/etc/systemd/system/poa-dashboard.service owner=root group=root mode=0755
template: src=poa-dashboard.j2 dest=/etc/systemd/system/poa-dashboard.service owner={{ username }} group={{ username }} mode=0755
notify:
- restart poa-dashboard
- name: Ensure poa-dashboard is running and enabled to start at boot
service: name=poa-dashboard state=started enabled=yes
- name: Setup ufw firewall
import_tasks: ufw.yml
when: install_firewall
- name: restart machine after setup
shell: shutdown -r 1
when: reboot_after_completion == true

12
roles/netstat-access/tasks/ufw.yml → roles/netstat/tasks/ufw.yml
View File

@ -17,24 +17,18 @@
- restart ufw
- name: Add ufw ssh access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '22', proto: 'tcp' }
ufw: rule='allow' port='22' proto='tcp'
notify:
- restart ufw
when: allow_netstat_ssh == true
- name: Add ufw https access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '443', proto: 'tcp' }
ufw: rule='allow' port='443' proto='tcp'
notify:
- restart ufw
- name: Add ufw http-3000 access
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
with_items:
- { rule: 'allow', port: '3000', proto: 'tcp' }
ufw: rule='allow' port='3000' proto='tcp'
notify:
- restart ufw
when: allow_netstat_http == true

3
roles/netstat/templates/poa-dashboard.j2
View File

@ -4,8 +4,7 @@ After=network.target
[Service]
User={{ username }}
Group={{ username }}
Environment=MYVAR=myval
WorkingDirectory=/home/{{ username }}/eth-netstats
WorkingDirectory={{ home }}/eth-netstats
Restart=always
ExecStart=/usr/bin/npm start
[Install]

1
roles/netstat/vars/main.yml
View File

@ -1 +0,0 @@
netstat_version: "cb431d6"

1
roles/netstat/vars/main.yml.example Normal file
View File

@ -0,0 +1 @@
netstat_version: "cb431d6"

6
roles/nginx/defaults/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
PROXY_PORT: 3000
configure_extended_tcp_settings: true
nginx_headers: "off"

37
roles/nginx/tasks/main.yml
View File

@ -8,7 +8,29 @@
name: "python3-pip"
state: present
- name: Ensure python OpenSSL dependencies are installed.
- name: Ensure OpenSSL dependencies are installed (Ubuntu)
package:
name: "{{ item }}"
state: present
with_items:
- build-essential
- libssl-dev
- libffi-dev
- python-dev
when: ansible_os_family == "Debian"
- name: Ensure OpenSSL dependencies are installed (CentOS)
package:
name: "{{ item }}"
state: present
with_items:
- gcc
- libffi-devel
- openssl-devel
- python-devel
when: ansible_os_family == "RedHat"
- name: Install OpenSSL module
pip:
name: pyOpenSSL
state: present
@ -46,16 +68,12 @@
when: not cert_file_check.stat.exists
- name: Install nginx.conf
template: src={{ item }}.j2 dest=/etc/nginx/ssl/{{ item }} owner=root group=root mode=0644
with_items:
- dhparam.pem
template: src=dhparam.pem.j2 dest=/etc/nginx/ssl/dhparam.pem owner=root group=root mode=0644
notify:
- reload nginx
- name: Install nginx conf.d files
template: src={{ item }}.j2 dest=/etc/nginx/conf.d/{{ item }} owner=root group=root mode=0644
with_items:
- default.conf
template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: nginx
@ -63,3 +81,8 @@
- name: Ensure nginx is running and enabled to start at boot
service: name=nginx state=started enabled=yes
tags: nginx
- name: executing vars.yml
import_tasks: vars.yml
when: configure_extended_tcp_settings == true

3
roles/nodejs/defaults/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"

10
roles/nodejs/tasks/main.yml
View File

@ -10,12 +10,8 @@
- name: Add nodejs repository
apt_repository:
repo: 'deb {{ NODE_SOURCE_DEB }} {{ansible_distribution_release}} main'
repo: 'deb {{ NODE_SOURCE_DEB }} {{ ansible_distribution_release }} main'
state: present
- name: Install nodejs packages
apt: name={{ item }} state=present update_cache=yes
with_items:
- nodejs
- name: Install nodejs package
apt: name=nodejs state=present update_cache=yes

4
roles/poa-logrotate/defaults/main.yml Normal file
View File

@ -0,0 +1,4 @@
username: "poa"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"

4
roles/poa-logrotate/tasks/main.yml
View File

@ -1,6 +1,6 @@
---
- name: Install poa-logrotate conf
template: src=poa-logrotate.conf.j2 dest={{ home }}/poa-logrotate.conf owner=root group=root mode=0644
template: src=poa-logrotate.conf.j2 dest={{ home }}/poa-logrotate.conf owner={{ username }} group={{ username }} mode=0644
- name: Install poa-logrotate cron
template: src=poa-logrotate.j2 dest=/etc/cron.hourly/poa-logrotate owner=root group=root mode=0755
cron: special_time=hourly job="/usr/sbin/logrotate {{ home }}/poa-logrotate.conf -s {{ home }}/poa-logrotate.status" user={{ username }} name="poa-logrotate"

8
roles/poa-logrotate/templates/poa-logrotate.conf.j2
View File

@ -1,4 +1,4 @@
/home/{{ username }}/logs/*.log {
{{ home }}/logs/*.log {
rotate 10
size 200M
missingok
@ -9,7 +9,7 @@
olddir old
}
/home/{{ username }}/logs/*.err {
{{ home }}/logs/*.err {
rotate 10
size 200M
missingok
@ -20,7 +20,7 @@
olddir old
}
/home/{{ username }}/logs/*.out {
{{ home }}/logs/*.out {
rotate 10
size 200M
missingok
@ -31,7 +31,7 @@
olddir old
}
/home/{{ username }}/.pm2/pm2.log {
{{ home }}/.pm2/pm2.log {
su {{ username }} {{ username }}
rotate 10
size 200M

2
roles/poa-logrotate/templates/poa-logrotate.j2
View File

@ -1,2 +0,0 @@
#!/bin/bash
/usr/sbin/logrotate /home/{{ username }}/poa-logrotate.conf

16
roles/poa-netstats/defaults/main.yml Normal file
View File

@ -0,0 +1,16 @@
---
MAIN_REPO_FETCH: "poanetwork"
GENESIS_NETWORK_NAME: "PoA"
api_version: "9773b5b"
NODE_FULLNAME: ""
NODE_ADMIN_EMAIL: ""
NETSTATS_SERVER: ""
NETSTATS_SECRET: ""
username: "poa"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"

4
roles/poa-netstats/tasks/main.yml
View File

@ -29,9 +29,9 @@
- name: Change owner and group of eth-net-intelligence-api files
file: path={{ home }}/eth-net-intelligence-api owner={{ username }} group={{ username }} recurse=yes
- name: install npm netstats
- name: Install npm netstats
npm:
path: "/home/{{ username }}/eth-net-intelligence-api"
path: "{{ home }}/eth-net-intelligence-api"
become: true
become_user: "{{ username }}"
notify:

4
roles/poa-netstats/templates/app.json.j2
View File

@ -3,8 +3,8 @@
"name" : "netstats_daemon",
"script" : "app.js",
"log_date_format" : "YYYY-MM-DD HH:mm:SS Z",
"error_file" : "/home/{{ username }}/logs/netstats_daemon.err",
"out_file" : "/home/{{ username }}/logs/netstats_daemon.out",
"error_file" : "{{ home }}/logs/netstats_daemon.err",
"out_file" : "{{ home }}/logs/netstats_daemon.out",
"merge_logs" : false,
"watch" : false,
"max_restarts" : 100,

3
roles/poa-netstats/templates/poa-netstats.j2
View File

@ -6,8 +6,7 @@ Type=oneshot
RemainAfterExit=true
User={{ username }}
Group={{ username }}
Environment=MYVAR=myval
WorkingDirectory=/home/{{ username }}/eth-net-intelligence-api
WorkingDirectory={{ home }}/eth-net-intelligence-api
ExecStart=/usr/bin/pm2 startOrRestart app.json
[Install]
WantedBy=multi-user.target

0
roles/poa-netstats/vars/main.yml → roles/poa-netstats/vars/main.yml.example
View File

9
roles/poa-orchestrator/defaults/main.yml Normal file
View File

@ -0,0 +1,9 @@
---
ORCHESTRATOR_BIN_LOC: ""
ORCHESTRATOR_BIN_SHA256: ""
username: "poa"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"

2
roles/poa-orchestrator/tasks/main.yml
View File

@ -5,7 +5,7 @@
- restart poa-orchestrator
- name: Create parity-orchestrator.toml
template: src=parity-orchestrator.toml.j2 dest={{ home }}/parity-orchestrator.toml owner=root group=root mode=0644
template: src=parity-orchestrator.toml.j2 dest={{ home }}/parity-orchestrator.toml owner={{ username }} group={{ username }} mode=0644
- name: Install poa-orchestrator service
template: src=poa-orchestrator.j2 dest=/etc/systemd/system/poa-orchestrator.service owner=root group=root mode=0755

4
roles/poa-orchestrator/templates/poa-orchestrator.j2
View File

@ -4,7 +4,7 @@ After=poa-parity.service
[Service]
User={{ username }}
Group={{ username }}
WorkingDirectory=/home/{{ username }}
ExecStart=/home/{{ username }}/parity-orchestrator --config=parity-orchestrator.toml
WorkingDirectory={{ home }}
ExecStart={{ home }}/parity-orchestrator --config=parity-orchestrator.toml
[Install]
WantedBy=multi-user.target

15
roles/poa-parity/defaults/main.yml Normal file
View File

@ -0,0 +1,15 @@
---
GENESIS_NETWORK_NAME: "PoA"
PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity"
PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33"
validator_archive: "off"
bootnode_archive: "off"
moc_archive: "off"
bootnode_orchestrator: "off"
username: "poa"
users:
- name: "{{ username }}"
home: "/home/{{ username }}"

4
roles/poa-parity/tasks/main.yml
View File

@ -16,7 +16,7 @@
group: "{{ username }}"
- name: Download parity-bin
get_url: url="{{ PARITY_BIN_LOC }}" dest={{ home }}/parity mode=0755 checksum="sha256:{{ PARITY_BIN_SHA256 }}"
get_url: url="{{ PARITY_BIN_LOC }}" dest={{ home }}/parity mode=0755 group={{ username }} owner={{ username }} checksum="sha256:{{ PARITY_BIN_SHA256 }}"
notify:
- restart poa-parity
@ -26,4 +26,4 @@
- restart poa-parity
- name: Ensure poa-parity is running and enabled to start at boot
service: name=poa-parity state=started enabled=yes
service: name=poa-parity state=started enabled=yes

26
roles/poa-parity/templates/app.json.j2
View File

@ -1,26 +0,0 @@
[
{
"name" : "netstats_daemon",
"script" : "app.js",
"log_date_format" : "YYYY-MM-DD HH:mm:SS Z",
"error_file" : "/home/{{ username }}/logs/netstats_daemon.err",
"out_file" : "/home/{{ username }}/logs/netstats_daemon.out",
"merge_logs" : false,
"watch" : false,
"max_restarts" : 100,
"exec_interpreter" : "node",
"exec_mode" : "fork_mode",
"env":
{
"NODE_ENV" : "production",
"RPC_HOST" : "localhost",
"RPC_PORT" : "8545",
"LISTENING_PORT" : "30303",
"INSTANCE_NAME" : "{{ NODE_FULLNAME }}",
"CONTACT_DETAILS" : "{{ NODE_ADMIN_EMAIL }}",
"WS_SERVER" : "{{ NETSTATS_SERVER }}",
"WS_SECRET" : "{{ NETSTATS_SECRET }}",
"VERBOSITY" : 2
}
}
]

19
roles/poa-parity/templates/app_chain_explorer.json.j2
View File

@ -1,19 +0,0 @@
[
{
"name" : "explorer",
"script" : "./bin/www",
"log_date_format" : "YYYY-MM-DD HH:mm:SS Z",
"error_file" : "/home/{{ username }}/logs/explorer.err",
"out_file" : "/home/{{ username }}/logs/explorer.out",
"merge_logs" : false,
"watch" : false,
"max_restarts" : 100,
"exec_interpreter" : "node",
"exec_mode" : "fork_mode",
"env":
{
"NODE_ENV" : "production",
"PORT" : 4000,
}
}
]

12
roles/poa-parity/templates/config.js.j2
View File

@ -1,12 +0,0 @@
var web3 = require('web3');
var net = require('net');
var config = function () {
this.logFormat = "combined";
this.ipcPath = "/home/{{ username }}/parity_data/jsonrpc.ipc";
this.provider = new web3.providers.IpcProvider(this.ipcPath, net);
this.bootstrapUrl = "https://maxcdn.bootstrapcdn.com/bootswatch/3.3.7/yeti/bootstrap.min.css";
this.names = {
"{{ MOC_ADDRESS }}": "Owner",
};
}
module.exports = config;

13
roles/poa-parity/templates/poa-chain-explorer.j2
View File

@ -1,13 +0,0 @@
[Unit]
Description=poa chain explorer service
After=poa-pm2.service
[Service]
Type=oneshot
RemainAfterExit=true
User={{ username }}
Group={{ username }}
Environment=MYVAR=myval
WorkingDirectory=/home/{{ username }}/chain-explorer
ExecStart=/usr/bin/pm2 startOrRestart app.json
[Install]
WantedBy=multi-user.target

Some files were not shown because too many files have changed in this diff Show More