Merge pull request #82 from lexsys27/ansible-linter

Ansible linter
This commit is contained in:
phahulin 2018-03-06 16:01:34 +03:00 committed by GitHub
commit 6f6ba5df16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 196 additions and 80 deletions


@ -2,7 +2,7 @@
- name: Create bootnode security group
hosts: localhost
gather_facts: False
tasks:
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
instance_tags:
Name: "{{ bootnode_instance_name }}"
group: "{{ bootnode_security_group }}"
instance_type: "{{ bootnode_instance_type }}"


@ -2,7 +2,7 @@
- name: Create explorer security group
hosts: localhost
gather_facts: False
tasks:
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
instance_tags:
Name: "{{ explorer_instance_name }}"
group: "{{ explorer_security_group }}"
instance_type: "{{ explorer_instance_type }}"

30
hooks/pre-commit.sh Executable file

@ -0,0 +1,30 @@
#!/bin/sh
# This is the pre-commit hook that runs each time with `git commit`
# and checks syntax of the playbooks
# To install run
# ln -s ../../hooks/pre-commit.sh .git/hooks/pre-commit
echo "Running pre-commit hook"
STASH_NAME="pre-commit-$(date +%s)"
git stash save -q --keep-index $STASH_NAME
echo "Checking the playbook syntax"
ansible-playbook -i none site.yml --syntax-check
RESULT=$?
if [[ $RESULT == 0 ]]; then
echo "Running Ansible linter"
ansible-lint site.yml
RESULT=$?
fi
STASHES=$(git stash list)
if [[ $STASHES =~ .*$STASH_NAME ]]; then
git stash pop -q
fi
[ $RESULT -ne 0 ] && exit 1
exit 0
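Review bot: The hook is run by `#!/bin/sh` but relies on the bash-only `[[ … ]]` and `=~` in `if [[ $RESULT == 0 ]]` and `if [[ $STASHES =~ .*$STASH_NAME ]]`; where /bin/sh is dash both tests fail with `[[: not found`, so ansible-lint is silently skipped and, worse, the stash created by `git stash save -q --keep-index` is never popped and the developer's unstaged work disappears into the stash list. Either change the shebang to `#!/usr/bin/env bash` or stay POSIX with `if [ "$RESULT" -eq 0 ]; then` and `if git stash list | grep -q -- "$STASH_NAME"; then`. Restoring the stash from a `trap` on EXIT would also cover an interrupted run (Ctrl-C during ansible-lint), which as written leaves the working tree stashed.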


@ -2,7 +2,7 @@
- name: Create netstat security group
hosts: localhost
gather_facts: False
tasks:
tasks:
- name: Create Security group
ec2_group:
ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
ec2_access_key: "{{ access_key }}"
ec2_secret_key: "{{ secret_key }}"
key_name: "{{ awskeypair_name }}"
instance_tags:
instance_tags:
Name: "{{ netstat_instance_name }}"
group: "{{ netstat_security_group }}"
instance_type: "{{ netstat_instance_type }}"


@ -40,7 +40,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "22"
when: allow_bootnode_ssh == true
@ -75,7 +75,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "8545"
when: allow_bootnode_rpc == true
@ -99,6 +99,6 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "30303"
when: allow_bootnode_p2p == true


@ -1,8 +1,8 @@
---
- name: Setup ufw firewall
include: ufw.yml
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
include: ec2.yml
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")
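Review bot: With `import_tasks` the `when:` is copied onto every imported task, so `ansible_bios_version | search("amazon")` is now evaluated per firewall task rather than once at include time; that is harmless in itself, but on any host where facts are not gathered the reference raises an undefined-variable error and both branches are skipped, leaving the host with no firewall rules applied at all. Defaulting the fact makes the ufw branch the fail-closed choice: `when: not (ansible_bios_version | default('') | search("amazon"))` here and the plain `default('')` form on the EC2 branch. Selecting the backend by BIOS version string is also fragile — I believe newer EC2 instance families report a plain numeric BIOS version with the vendor in a separate field — so an explicit inventory variable for "security groups manage this host" would be more robust than DMI sniffing. The same hunk is repeated in the other roles' firewall `main.yml` files in this commit.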


@ -40,7 +40,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "22"
when: allow_explorer_ssh == true
@ -79,7 +79,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "30303"
when: allow_explorer_p2p == true
@ -98,6 +98,6 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "3000"
when: allow_explorer_http == true


@ -1,8 +1,8 @@
---
- name: Setup ufw firewall
include: ufw.yml
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
include: ec2.yml
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")


@ -26,17 +26,23 @@
with_items:
- node.toml
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/chain-explorer dest={{ home }}/chain-explorer
- name: Clone poanetworks/chain-explorer repo from GitHub
git:
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/chain-explorer"
dest: "{{ home }}/chain-explorer"
version: "{{ explorer_version }}"
- name: Install chain_explorer app.json
template: src=app.json.j2 dest={{ home }}/chain-explorer/app.json owner={{ username }} group={{ username }} mode=0644
notify:
- restart poa-chain-explorer
- file: path={{ home }}/chain-explorer owner={{ username }} group={{ username }} recurse=yes
- name: Set group and owner on the chain-explorer directory
file: path={{ home }}/chain-explorer owner={{ username }} group={{ username }} recurse=yes
- name: install npm chain_explorer
shell: "cd /home/{{ username }}/chain-explorer; /usr/bin/npm install"
npm:
path: "/home/{{ username }}/chain-explorer"
become: true
become_user: "{{ username }}"
notify:
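Review bot: The new `npm:` task still runs the dependency tree's `preinstall`/`postinstall` lifecycle scripts as `{{ username }}`, and nothing pins the resolved dependency set — the checkout is pinned to `explorer_version`, but `npm install` resolves whatever `package.json` permits at provisioning time, so hosts provisioned at different dates can end up with different transitive packages. If the upstream repository ships a lockfile this is covered; otherwise consider committing one, and if the installed Ansible's `npm` module supports it, `ignore_scripts: yes` keeps unreviewed install hooks from executing. The ordering also deserves a comment: the clone runs as root (site.yml sets `become: True` on the play) and the recursive chown on the next task is what makes the tree writable for the unprivileged install, e.g. `# clone runs as root; chown below must precede the npm install that runs as {{ username }}`. The same pattern is applied to eth-netstats and eth-net-intelligence-api in this commit.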


@ -0,0 +1 @@
explorer_version: "acee07c"
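Review bot: `explorer_version: "acee07c"` pins the checkout to an abbreviated 7-character commit id, which git resolves by prefix; it is not guaranteed unique as the repository grows, and a short prefix is far cheaper to collide than the full hash, which weakens the pin exactly where it is meant to protect against upstream changes. Use the full 40-hex-character SHA here and in `netstat_version` / `api_version`, which use the same abbreviated form. A short `#` comment naming the upstream tag or branch the commit was taken from would make future bumps reviewable, since the pin is only as meaningful as the trust in the `MAIN_REPO_FETCH` organisation it is fetched from.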


@ -40,7 +40,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "22"
when: allow_moc_ssh == true
@ -63,6 +63,6 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "30303"
when: allow_moc_p2p == true


@ -1,8 +1,8 @@
---
- name: Setup ufw firewall
include: ufw.yml
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
include: ec2.yml
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")


@ -30,23 +30,33 @@
template: src=node_pwd.j2 dest={{ home }}/{{ NODE_PWD }} owner={{ username }} group={{ username }} mode=0600
- name: Config MOC_KEYFILE file
shell: "echo '{{ MOC_KEYFILE }}' > {{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/{{ username }}.key"
copy:
content: "{{ MOC_KEYFILE }}"
dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/{{ username }}.key"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-moc dest={{ home }}/poa-scripts-moc version={{ SCRIPTS_MOC_BRANCH }}
- name: Clone poanetworks/poa-scripts-moc repo from GitHub
git:
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-moc"
dest: "{{ home }}/poa-scripts-moc"
version: "{{ SCRIPTS_MOC_BRANCH }}"
- file: path={{ home }}/poa-scripts-moc owner={{ username }} group={{ username }} recurse=yes
- name: Change owner and group of poa-scripts-moc file
file: path={{ home }}/poa-scripts-moc owner={{ username }} group={{ username }} recurse=yes
- name: install npm initial_keys_script
shell: "cd {{ home }}/poa-scripts-moc; /usr/bin/npm install"
npm:
path: "{{ home }}/poa-scripts-moc"
become: true
become_user: "{{ username }}"
- name: install npm generateInitialKey
shell: "cd {{ home }}/poa-scripts-moc/generateInitialKey; /usr/bin/npm install"
npm:
path: "{{ home }}/poa-scripts-moc/generateInitialKey"
become: true
become_user: "{{ username }}"
- name: install npm distributeTokens
shell: "cd {{ home }}/poa-scripts-moc/distributeTokens; /usr/bin/npm install"
npm:
path: "{{ home }}/poa-scripts-moc/distributeTokens"
become: true
become_user: "{{ username }}"
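Review bot: The `copy:` task that writes `{{ MOC_KEYFILE }}` creates the keystore file root-owned with the default (typically 0644) mode, so the master-of-ceremony key file is readable by every local account, while the password file written two lines above (`node_pwd.j2`, `mode=0600`) is not; the previous `shell: echo` had the same weakness, but replacing it is the moment to fix it. The task also prints `content:` in verbose and `--diff` output and to callback plugins, so it should carry `no_log: true`. Assuming parity runs as `{{ username }}`, as the other files under `{{ home }}` suggest, the task should look like the one below. Separately, cloning `poa-scripts-moc` by `SCRIPTS_MOC_BRANCH` rather than a commit id, as the explorer role now does, means the host executes whatever the branch points at when provisioned.
```yaml
- name: Config MOC_KEYFILE file
  copy:
    content: "{{ MOC_KEYFILE }}"
    dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/{{ username }}.key"
    owner: "{{ username }}"
    group: "{{ username }}"
    mode: "0600"
  no_log: true
# … unchanged: clone poa-scripts-moc, chown, npm installs …
```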


@ -40,7 +40,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "22"
when: allow_netstat_ssh == true
@ -75,6 +75,6 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "3000"
when: allow_netstat_http == true


@ -1,8 +1,8 @@
---
- name: Setup ufw firewall
include: ufw.yml
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
include: ec2.yml
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")


@ -7,27 +7,39 @@
owner: "{{ username }}"
group: "{{ username }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/eth-netstats dest={{ home }}/eth-netstats
- name: Clone poanetworks/eth-netstats repo from GitHub
git:
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/eth-netstats"
dest: "{{ home }}/eth-netstats"
version: "{{ netstat_version }}"
- file: path={{ home }}/eth-netstats owner={{ username }} group={{ username }} recurse=yes
- name: Set owner and group on eth-netstats files
file: path={{ home }}/eth-netstats owner={{ username }} group={{ username }} recurse=yes
- name: install npm netstats
shell: "cd /home/{{ username }}/eth-netstats; /usr/bin/npm install"
npm:
path: "/home/{{ username }}/eth-netstats"
become: true
become_user: "{{ username }}"
notify:
- restart poa-dashboard
- name: install npm grunt-cli
shell: "cd /home/{{ username }}/eth-netstats; /usr/bin/npm install -g grunt-cli"
npm:
name: grunt-cli
global: yes
- name: run grunt process
shell: "cd /home/{{ username }}/eth-netstats; grunt"
become: true
become_user: "{{ username }}"
args:
creates: "/home/{{ username }}/dist"
- name: Config ws_secret.json file
shell: "echo '[\"{{ NETSTATS_SECRET }}\"]' > /home/{{ username }}/eth-netstats/ws_secret.json"
copy:
content: '["{{ NETSTATS_SECRET }}"]'
dest: "/home/{{ username }}/eth-netstats/ws_secret.json"
notify:
- restart poa-dashboard
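Review bot: `ws_secret.json` holds the netstats websocket secret, but the new `copy:` task writes it root-owned with the default mode and without `no_log`, so the secret is readable by every local user and is echoed into verbose and `--diff` output; the dashboard's own `npm install` runs as `{{ username }}`, so the file should be owned by that user with `mode: "0600"`. Building the JSON by string concatenation (`'["{{ NETSTATS_SECRET }}"]'`) also breaks, or silently alters the value, for a secret containing `"` or `\`; `{{ [NETSTATS_SECRET] | to_json }}` yields the same one-element array with proper escaping. Two smaller things in the same hunk: `npm install -g grunt-cli` runs as root and executes that package's install hooks as root, and the `grunt` task's `creates: "/home/{{ username }}/dist"` points outside the `eth-netstats` checkout it builds in, which looks like it should be `/home/{{ username }}/eth-netstats/dist` — worth confirming, since as written the build reruns on every play.
```yaml
- name: Config ws_secret.json file
  copy:
    content: "{{ [NETSTATS_SECRET] | to_json }}"
    dest: "/home/{{ username }}/eth-netstats/ws_secret.json"
    owner: "{{ username }}"
    group: "{{ username }}"
    mode: "0600"
  no_log: true
  notify:
    - restart poa-dashboard
```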


@ -0,0 +1 @@
netstat_version: "cb431d6"


@ -1,9 +1,20 @@
---
- name: Install nginx
apt: name=nginx state=latest
apt: name=nginx state=present
tags: nginx
- file: path=/etc/nginx/ssl state=directory mode=0755
- name: Install Pip
apt:
name: "python3-pip"
state: present
- name: Ensure python OpenSSL dependencies are installed.
pip:
name: pyOpenSSL
state: present
- name: Create directory for nginx SSL certificates
file: path=/etc/nginx/ssl state=directory mode=0755
tags: nginx
- name: Check certificate file
@ -11,11 +22,27 @@
path: /etc/nginx/ssl/server.crt
register: cert_file_check
- name: Generate SSL private key
openssl_privatekey:
path: /etc/nginx/ssl/server.key
size: 4096
when: not cert_file_check.stat.exists
- name: Generate SSL certificate request
openssl_csr:
path: /etc/nginx/ssl/server.csr
privatekey_path: /etc/nginx/ssl/server.key
common_name: "{{ ansible_host }}"
when: not cert_file_check.stat.exists
- name: Generate self-signed SSL certificate
shell: openssl req -new -x509 -nodes -subj "/CN={{ ansible_host }}" -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
openssl_certificate:
path: /etc/nginx/ssl/server.crt
provider: selfsigned
privatekey_path: /etc/nginx/ssl/server.key
csr_path: /etc/nginx/ssl/server.csr
notify:
- reload nginx
tags: nginx
when: not cert_file_check.stat.exists
- name: Install nginx.conf
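Review bot: The new `pip: name: pyOpenSSL` task installs an unpinned package from PyPI at provisioning time into whichever interpreter the `pip` binary belongs to, while the `openssl_privatekey`/`openssl_csr`/`openssl_certificate` tasks that follow need pyOpenSSL importable by the interpreter Ansible runs on the target (`ansible_python_interpreter`, `/usr/bin/python` by default); with only `python3-pip` installed there may be no `pip` binary at all, or it may target python3 while the modules run under python2 — worth verifying on the target image. Either align the two explicitly (`executable: pip3` on the pip task plus `ansible_python_interpreter: /usr/bin/python3`), or prefer the distribution package, which stays under the OS's signing and patching: `apt: name=python3-openssl state=present` (or `python-openssl` for a python2 interpreter). Also note that all three generation tasks are gated on `cert_file_check` only, so a host that still has `server.crt` but has lost `server.key` (or the reverse) is left mismatched; checking the key's existence too, or dropping the `when:` and relying on the modules' own idempotence, avoids that.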


@ -15,17 +15,23 @@
owner: "{{ username }}"
group: "{{ username }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/eth-net-intelligence-api dest={{ home }}/eth-net-intelligence-api
- name: Clone poanetworks/eth-net-intelligence-api repo from GitHub
git:
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/eth-net-intelligence-api"
dest: "{{ home }}/eth-net-intelligence-api"
version: "{{ api_version }}"
- name: Install netstats config
template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner={{ username }} group={{ username }} mode=0644
notify:
- restart poa-netstats
- file: path={{ home }}/eth-net-intelligence-api owner={{ username }} group={{ username }} recurse=yes
- name: Change owner and group of eth-net-intelligence-api files
file: path={{ home }}/eth-net-intelligence-api owner={{ username }} group={{ username }} recurse=yes
- name: install npm netstats
shell: "cd /home/{{ username }}/eth-net-intelligence-api; /usr/bin/npm install"
npm:
path: "/home/{{ username }}/eth-net-intelligence-api"
become: true
become_user: "{{ username }}"
notify:


@ -0,0 +1 @@
api_version: "9773b5b"


@ -3,18 +3,9 @@
authorized_key: user=root key={{ item }} state=present exclusive=yes
with_items: "{{ ssh_root }}"
- include: ssh.yml
- include: packages.yml
- include: vars.yml
#- include: ntp.yml
- include: chrony.yml
- include: logrotate.yml
- include: swap.yml
#- selinux:
# state: disabled
#- lineinfile: dest=/etc/ssh/sshd_config regexp="^#Port" line="Port 27091" state=present backrefs=yes
#- name: Set timezone to UTC
# command: timedatectl set-timezone UTC
- import_tasks: ssh.yml
- import_tasks: packages.yml
- import_tasks: vars.yml
- import_tasks: chrony.yml
- import_tasks: logrotate.yml
- import_tasks: swap.yml
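Review bot: The context line `authorized_key: user=root key={{ item }} state=present exclusive=yes` combined with `with_items: "{{ ssh_root }}"` is a lockout hazard this cleanup keeps: `exclusive` is not loop-aware, so each iteration rewrites root's `authorized_keys` to contain only the current item, and once the loop finishes only the last key in `ssh_root` survives while every other operator is silently locked out. The module accepts several keys in one newline-separated string, so drop the loop and pass them together: `key: "{{ ssh_root | join('\n') }}"` with `exclusive: yes`. Deleting the commented-out `sshd_config` port and timezone lines is fine, but a one-line `#` note pointing at where sshd hardening now lives (the imported `ssh.yml`) would help the next reader.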


@ -1,9 +1,6 @@
---
- name: Update system
apt: upgrade=dist state=latest update_cache=yes
- name: Install packages
apt: name={{ item }} state=latest
apt: name={{ item }} state=present update_cache=yes
with_items:
- bc
- haveged
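Review bot: The `Update system` task (`apt: upgrade=dist state=latest update_cache=yes`) appears to be dropped together with the switch to `state=present`, which means hosts provisioned with this role no longer receive pending security updates — `state=present` will not upgrade packages that are already installed. ansible-lint's rule against `state=latest` motivates `present` for the explicit package list, but it does not require removing the upgrade step. Keep an explicit, tagged upgrade task, e.g. `- name: Apply pending package updates` / `apt: upgrade=dist update_cache=yes` / `tags: [upgrade, skip_ansible_lint]`, or document in a `#` comment that patching is handled elsewhere (for example unattended-upgrades), so the policy change is deliberate rather than a side effect of the lint fix.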


@ -6,10 +6,14 @@
- name: create file for swap
shell: /usr/bin/fallocate -l 1G /swapfile
when: not swap_file_check.stat.exists
tags:
- skip_ansible_lint
- name: format swap file
shell: /sbin/mkswap /swapfile
when: not swap_file_check.stat.exists
tags:
- skip_ansible_lint
- name: set permission to swap file
file: path=/swapfile owner=root group=root mode=0600
@ -17,6 +21,8 @@
- name: add swap file to system
shell: /sbin/swapon /swapfile
when: not swap_file_check.stat.exists
tags:
- skip_ansible_lint
- name: write changes to fstab
mount: name=none src=/swapfile fstype=swap opts=sw passno=0 dump=0 state=present


@ -1,7 +1,15 @@
---
- sysctl: name=vm.swappiness value=10 state=present
- sysctl: name=vm.vfs_cache_pressure value=50 state=present
- sysctl: name=net.core.somaxconn value=1000 state=present
- name: Set vm.swappiness system parameter
sysctl: name=vm.swappiness value=10 state=present
- lineinfile: dest=/etc/security/limits.conf line="* soft nofile 100000" state=present
- lineinfile: dest=/etc/security/limits.conf line="* hard nofile 100000" state=present
- name: Set vm.vfs_cache_pressure system parameter
sysctl: name=vm.vfs_cache_pressure value=50 state=present
- name: Set net.core.somaxconn system parameter
sysctl: name=net.core.somaxconn value=1000 state=present
- name: Set nofile soft limit
lineinfile: dest=/etc/security/limits.conf line="* soft nofile 100000" state=present
- name: Set nofile hard limit
lineinfile: dest=/etc/security/limits.conf line="* hard nofile 100000" state=present


@ -1,8 +1,9 @@
---
- user: name={{ item.name }} groups={{ item.addgroups | default('') }} shell=/bin/bash append=yes
- name: Create users
user: name={{ item.name }} groups={{ item.addgroups | default('') }} shell=/bin/bash append=yes
with_items: "{{ users }}"
- include: nested_authorized_key.yml
- include_tasks: nested_authorized_key.yml
with_items: "{{ users }}"
loop_control:
loop_var: outer_item


@ -40,7 +40,7 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "22"
when: allow_validator_ssh == true
@ -63,6 +63,6 @@
from_port: "{{ item }}"
to_port: "{{ item }}"
cidr_ip: 0.0.0.0/0
with_items:
with_items:
- "30303"
when: allow_validator_p2p == true


@ -1,8 +1,8 @@
---
- name: Setup ufw firewall
include: ufw.yml
import_tasks: ufw.yml
when: not ansible_bios_version | search("amazon")
- name: Setup EC2 firewall
include: ec2.yml
import_tasks: ec2.yml
when: ansible_bios_version | search("amazon")


@ -30,16 +30,30 @@
template: src=node_pwd.j2 dest={{ home }}/{{ NODE_PWD }} owner={{ username }} group={{ username }} mode=0600
- name: Config MINING_KEYFILE file
shell: "echo '{{ MINING_KEYFILE }}' > {{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/validator.key.{{ MINING_ADDRESS }}"
copy:
content: "{{ MINING_KEYFILE }}"
dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/validator.key.{{ MINING_ADDRESS }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-validator dest={{ home }}/poa-scripts-validator version={{ SCRIPTS_VALIDATOR_BRANCH }}
- name: Clone poanetworks/poa-scripts-validator repo from GitHub
git:
repo: "https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-validator"
dest: "{{ home }}/poa-scripts-validator"
version: "{{ SCRIPTS_VALIDATOR_BRANCH }}"
- file: src="{{ home }}/node.toml" dest="{{ home }}/poa-scripts-validator/node.toml" owner="{{ username }}" group="{{ username }}" state=link
- name: Link node.toml file
file:
src: "{{ home }}/node.toml"
dest: "{{ home }}/poa-scripts-validator/node.toml"
owner: "{{ username }}"
group: "{{ username }}"
state: link
- file: path={{ home }}/poa-scripts-validator owner={{ username }} group={{ username }} recurse=yes
- name: Set up owner and group on poa-scripts-validator files
file: path={{ home }}/poa-scripts-validator owner={{ username }} group={{ username }} recurse=yes
- name: install npm transferRewardToPayoutKey
shell: "cd {{ home }}/poa-scripts-validator/transferRewardToPayoutKey; /usr/bin/npm install"
npm:
path: "{{ home }}/poa-scripts-validator/transferRewardToPayoutKey"
become: true
become_user: "{{ username }}"
notify:
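Review bot: The `copy:` task for `{{ MINING_KEYFILE }}` writes the validator's signing keystore root-owned with the default (typically 0644) mode and without `no_log`, so the file is readable by any local account and its contents are printed in verbose and `--diff` output; the `node_pwd.j2` template two lines above already uses `mode=0600` and the right owner, and the keyfile should match. The `shell: echo` it replaces had the same exposure, so this is an improvement in injection-safety but not yet in file permissions. Assuming parity runs as `{{ username }}`, which the ownership of the other files under `{{ home }}` suggests, the task should look like the one below. As with the moc role, `SCRIPTS_VALIDATOR_BRANCH` clones a mutable branch rather than the commit-id pin the explorer role now uses.
```yaml
- name: Config MINING_KEYFILE file
  copy:
    content: "{{ MINING_KEYFILE }}"
    dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/validator.key.{{ MINING_ADDRESS }}"
    owner: "{{ username }}"
    group: "{{ username }}"
    mode: "0600"
  no_log: true
# … unchanged: clone poa-scripts-validator, node.toml link, chown, npm install …
```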


@ -8,6 +8,7 @@
tags: preconf
- hosts: bootnode
become: True
vars:
nginx_headers: "on"
PROXY_PORT: "8545"
@ -33,6 +34,7 @@
- bootnode
- hosts: validator
become: True
vars:
username: "validator"
users:
@ -51,6 +53,7 @@
- validator
- hosts: netstat
become: True
vars:
nginx_headers: "off"
PROXY_PORT: "3000"
@ -70,6 +73,7 @@
- netstat
- hosts: explorer
become: True
vars:
nginx_headers: "off"
PROXY_PORT: "3000"
@ -91,6 +95,7 @@
- explorer
- hosts: moc
become: True
vars:
username: "moc"
users: