poanetwork
/
deployment-playbooks
mirror of https://github.com/poanetwork/deployment-playbooks.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/poanetwork/deployment-playbooks into blockscout-role

This commit is contained in:
natlg 2018-12-10 15:42:08 -08:00
parent 70e3ed3627 78ca79effe
commit 60c7da9bbe
15 changed files with 122 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
.circleci/config.yml
View File

@ -1,5 +1,36 @@
version: 2
jobs:
preconf:
docker:
- image: poanetwork/terraform-prep
working_directory: ~/deployment-terraform/azure
environment:
ANSIBLE_AZURE_AUTH_SOURCE: env
steps:
- run:
name: Generate shared workspace folder
command: mkdir -p /tmp/workspace
- run:
name: Set all.yml config
command: echo $config_file | base64 --decode > /tmp/workspace/all.yml
- run:
name: set id_rsa.pub
command: echo $pub_key > /tmp/workspace/id_rsa.pub
- run:
name: Generate unique prefix for this build
command: head /dev/urandom | tr -dc A-Za-z0-9 | head -c 5 | tee /tmp/workspace/prefix
- persist_to_workspace:
root: /tmp/workspace
paths:
- all.yml
- prefix
- id_rsa.pub
build:
docker:
- image: poanetwork/terraform-prep
@ -10,33 +41,41 @@ jobs:
steps:
- run:
command: cd ~ && rm -R ~/deployment-terraform/ && git clone $terraform_repo ~/deployment-terraform/
- run:
command: git checkout $terraform_branch
- attach_workspace:
at: /tmp/workspace/
- run:
name: adjust configs
command: echo $config_file | base64 --decode > ~/deployment-terraform/azure/group_vars/all.yml
name: Set unique prefix for this build
command: echo 'export tf_prefix=tf_$(cat /tmp/workspace/prefix)_' >> $BASH_ENV
- run:
name: Copy all.yml file to appropriate folder
command: cp /tmp/workspace/all.yml ~/deployment-terraform/azure/group_vars/all.yml
- run:
name: set id_rsa.pub
command: echo $pub_key > ~/deployment-terraform/azure/id_rsa.pub
- run:
name: deploy infra
command: bash -c "ansible-playbook site.yml -e 'terraform_location=/usr/local/bin/terraform' -e 'backend=true' $build_attr"
name: Deploy infra
command: bash -c "ansible-playbook site.yml -e 'PUB_KEY_STORE=/tmp/workspace/id_rsa.pub' -e 'terraform_location=/usr/local/bin/terraform' -e 'backend=true' -e 'tf_prefix=$tf_prefix' $build_attr"
no_output_timeout: 2000
- run:
name: Save artifacts
command: bash -c "ansible-playbook -i ~/deployment-terraform/azure/outputs/latest_deploy_hosts download_outputs.yml -t build -e 'destination=/tmp/artifacts/' -e 'terraform_location=/usr/local/bin/terraform' $build_attr"
command: bash -c "ansible-playbook -i ~/deployment-terraform/azure/outputs/latest_deploy_hosts download_outputs.yml -t build -e 'PUB_KEY_STORE=/tmp/workspace/id_rsa.pub' -e 'destination=/tmp/artifacts/' -e 'terraform_location=/usr/local/bin/terraform' $build_attr"
- run:
name: Save latest hosts output && build prefix
command: cp ~/deployment-terraform/azure/outputs/latest_deploy_hosts /tmp/workspace/hosts && cp /tmp/workspace/prefix /tmp/artifacts/prefix
- store_artifacts:
path: /tmp/artifacts
- persist_to_workspace:
root: ~/deployment-terraform/azure/outputs/
root: /tmp/workspace
paths:
- latest_deploy_hosts
- hosts
test:
docker:
@ -51,24 +90,27 @@ jobs:
command: git checkout $terraform_branch
- attach_workspace:
at: /tmp/hosts/
at: /tmp/workspace/
- run:
name: adjust configs
command: echo $config_file | base64 --decode > ~/deployment-terraform/azure/group_vars/all.yml
name: Copy all.yml file to appropriate folder
command: cp /tmp/workspace/all.yml ~/deployment-terraform/azure/group_vars/all.yml
- run:
name: set id_rsa.pub
command: echo $pub_key > ~/deployment-terraform/azure/id_rsa.pub
name: Fetch pre-defined prefix to environmental variable
command: echo 'export tf_prefix=tf_$(cat /tmp/workspace/prefix)_' >> $BASH_ENV
- run:
name: check network
command: bash -c "ansible-playbook tests.yml -i /tmp/hosts/latest_deploy_hosts -e 'terraform_location=/usr/local/bin/terraform' -e 'backend=true' $tests_attr"
command: bash -c "ansible-playbook tests.yml -i /tmp/workspace/hosts -e 'PUB_KEY_STORE=/tmp/workspace/id_rsa.pub' -e 'terraform_location=/usr/local/bin/terraform' -e 'tf_prefix=$tf_prefix' -e 'backend=true' $tests_attr"
- run:
name: Save artifacts
command: bash -c "ansible-playbook -i /tmp/hosts/latest_deploy_hosts download_outputs.yml -t tests -e 'destination=/tmp/artifacts/' -e 'terraform_location=/usr/local/bin/terraform' $tests_attr"
command: bash -c "ansible-playbook -i /tmp/workspace/hosts download_outputs.yml -t tests -e 'destination=/tmp/artifacts/' -e 'PUB_KEY_STORE=/tmp/workspace/id_rsa.pub' -e 'tf_prefix=$tf_prefix' -e 'terraform_location=/usr/local/bin/terraform' $tests_attr"
- store_test_results:
path: /tmp/artifacts
- store_artifacts:
path: /tmp/artifacts
@ -86,29 +128,37 @@ jobs:
- run:
command: git checkout $terraform_branch
- attach_workspace:
at: /tmp/workspace/
- run:
name: adjust configs
command: echo $config_file | base64 --decode > ~/deployment-terraform/azure/group_vars/all.yml
- run:
name: set id_rsa.pub
command: echo $pub_key > ~/deployment-terraform/azure/id_rsa.pub
name: Fetch pre-defined prefix to environmental variable
command: echo 'export tf_prefix=tf_$(cat /tmp/workspace/prefix)_' >> $BASH_ENV
- run:
name: Copy all.yml file to appropriate folder
command: cp /tmp/workspace/all.yml ~/deployment-terraform/azure/group_vars/all.yml
- run:
name: destroy infra
command: bash -c "ansible-playbook destroy.yml -e 'terraform_location=/usr/local/bin/terraform' -e 'backend=true' $destroy_attr"
command: bash -c "ansible-playbook destroy.yml -e 'PUB_KEY_STORE=/tmp/workspace/id_rsa.pub' -e 'tf_prefix='$tf_prefix -e 'terraform_location=/usr/local/bin/terraform' -e 'backend=true' -e 'tf_prefix=$tf_prefix' $destroy_attr"
no_output_timeout: 2000
workflows:
version: 2
test_and_destroy:
full:
jobs:
- build
- preconf
- build:
requires:
- preconf
- test:
requires:
- build
- approve_destroy:
type: approval
requires:
- preconf
- destroy:
requires:
- approve_destroy

9
aws/bootnode.yml
View File

@ -12,17 +12,12 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: bootnode
@ -49,7 +44,7 @@
count: "{{ bootnode_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
vpc_subnet_id: "{{ vpc_subnet_id | default('') }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2

9
aws/explorer.yml
View File

@ -12,17 +12,12 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: explorer
@ -49,7 +44,7 @@
count: "{{ explorer_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
vpc_subnet_id: "{{ vpc_subnet_id | default('') }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2

9
aws/moc.yml
View File

@ -12,17 +12,12 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: moc
@ -49,7 +44,7 @@
count: "{{ moc_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
vpc_subnet_id: "{{ vpc_subnet_id | default('') }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2

9
aws/netstat.yml
View File

@ -12,17 +12,12 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: netstat
@ -49,7 +44,7 @@
count: "{{ netstat_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
vpc_subnet_id: "{{ vpc_subnet_id | default('') }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2

27
aws/roles/bootnode-access/tasks/ec2.yml
View File

@ -8,24 +8,7 @@
description: "Default security group"
region: "{{ region }}"
purge_rules: true
vpc_id: "{{ vpc_id }}"
- name: Allow outbound traffic
delegate_to: localhost
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ bootnode_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
vpc_id: "{{ vpc_id | default('') }}"
- name: Add ssh access
delegate_to: localhost
@ -37,7 +20,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -57,7 +40,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 443
@ -74,7 +57,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -95,7 +78,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"

27
aws/roles/explorer-access/tasks/ec2.yml
View File

@ -8,24 +8,7 @@
description: "Default security group"
region: "{{ region }}"
purge_rules: true
vpc_id: "{{ vpc_id }}"
- name: Allow outbound traffic
delegate_to: localhost
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ explorer_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
vpc_id: "{{ vpc_id | default('') }}"
- name: Add ssh access
delegate_to: localhost
@ -37,7 +20,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -57,7 +40,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 443
@ -74,7 +57,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -98,7 +81,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"

23
aws/roles/moc-access/tasks/ec2.yml
View File

@ -8,24 +8,7 @@
description: "Default security group"
region: "{{ region }}"
purge_rules: true
vpc_id: "{{ vpc_id }}"
- name: Allow outbound traffic
delegate_to: localhost
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ moc_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
vpc_id: "{{ vpc_id | default('') }}"
- name: Add ssh access
delegate_to: localhost
@ -37,7 +20,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -57,7 +40,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"

25
aws/roles/netstat-access/tasks/ec2.yml
View File

@ -8,24 +8,7 @@
description: "Default security group"
region: "{{ region }}"
purge_rules: true
vpc_id: "{{ vpc_id }}"
- name: Allow outbound traffic
delegate_to: localhost
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ netstat_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
vpc_id: "{{ vpc_id | default('') }}"
- name: Add ssh access
delegate_to: localhost
@ -37,7 +20,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -57,7 +40,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 443
@ -74,7 +57,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"

23
aws/roles/validator-access/tasks/ec2.yml
View File

@ -8,24 +8,7 @@
description: "Default security group"
region: "{{ region }}"
purge_rules: true
vpc_id: "{{ vpc_id }}"
- name: Allow outbound traffic
delegate_to: localhost
ec2_group:
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
name: "{{ validator_security_group }}"
description: "Default security group"
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
vpc_id: "{{ vpc_id | default('') }}"
- name: Add ssh access
delegate_to: localhost
@ -37,7 +20,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"
@ -57,7 +40,7 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: "{{ item }}"

9
aws/validator.yml
View File

@ -12,17 +12,12 @@
region: "{{ region }}"
purge_rules_egress: false
purge_rules: false
vpc_id: "{{ vpc_id }}"
vpc_id: "{{ vpc_id | default('') }}"
rules:
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress:
- proto: all
from_port: all
to_port: all
cidr_ip: 0.0.0.0/0
tags: validator
@ -49,7 +44,7 @@
count: "{{ validator_count_instances }}"
wait: yes
region: "{{ region }}"
vpc_subnet_id: "{{ vpc_subnet_id }}"
vpc_subnet_id: "{{ vpc_subnet_id | default('') }}"
volumes: "{{ volumes }}"
assign_public_ip: yes
register: ec2

4
roles/moc/templates/node.toml.j2
View File

@ -13,6 +13,8 @@ port = 30303
snapshot_peers = 500
discovery = false
allow_ips = "public"
min_peers = 5
max_peers = 10
{% endif %}
[rpc]
@ -46,8 +48,6 @@ pruning = "archive"
pruning_history = 1200
fat_db = "on"
cache_size_db = 12000
min_peers = 5
max_peers = 10
{% endif %}
[misc]

3
roles/nodejs/defaults/main.yml
View File

@ -1,3 +1,2 @@
---
NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x"
node_version: 8

11
roles/nodejs/tasks/ubuntu.yml
View File

@ -2,15 +2,16 @@
- name: Ensure apt-transport-https is installed.
apt: name=apt-transport-https state=present
- name: add nodejs repository key
- name: Install the gpg key for nodejs LTS
become: yes
apt_key:
keyserver: keyserver.ubuntu.com
id: "{{ node_key_id }}"
url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
state: present
- name: Add nodejs repository
- name: Install the nodejs LTS repos
become: yes
apt_repository:
repo: 'deb {{ node_source_deb }} {{ansible_distribution_release}} main'
repo: "deb https://deb.nodesource.com/node_{{ node_version }}.x {{ ansible_distribution_release }} main"
state: present
- name: Install nodejs packages

7
roles/validator/templates/node.toml.j2
View File

@ -9,9 +9,12 @@ auto_update = "all"
reserved_peers="{{ home }}/bootnodes.txt"
nat="extip:{{ ansible_host }}"
port = 30303
max_peers = 100
{% if validator_archive|default("off") == "on" %}
discovery = false
min_peers = 5
max_peers = 10
{% else %}
max_peers = 100
{% endif %}
[rpc]
@ -45,8 +48,6 @@ pruning = "archive"
pruning_history = 1200
fat_db = "on"
cache_size_db = 12000
min_peers = 5
max_peers = 10
{% endif %}
[misc]