From 7988410a8da9cbf65a50688c8e4f0b62e8a4e19d Mon Sep 17 00:00:00 2001 
From: ArseniiPetrovich Date: Thu, 19 Apr 2018 19:31:20 +0300 Subject: [PATCH] fixes for #76, #79, #80, #92, #99, partially #102, partially #104 --- Vagrantfile | 1 + aws/ansible.cfg | 16 +++ aws/bootnode.yml | 111 ++++++++++++++++++ aws/explorer.yml | 92 +++++++++++++++ aws/group_vars/bootnode.yml.example | 11 ++ aws/group_vars/explorer.yml.example | 9 ++ aws/group_vars/moc.yml.example | 5 + aws/group_vars/netstat.yml.example | 5 + aws/group_vars/validator.yml.example | 6 + aws/hosts.example | 26 ++++ aws/moc.yml | 92 +++++++++++++++ aws/netstat.yml | 92 +++++++++++++++ .../roles}/bootnode-access/tasks/ec2.yml | 0 aws/roles/bootnode-access/tasks/main.yml | 4 + .../roles}/explorer-access/tasks/ec2.yml | 0 aws/roles/explorer-access/tasks/main.yml | 4 + {roles => aws/roles}/moc-access/tasks/ec2.yml | 0 aws/roles/moc-access/tasks/main.yml | 4 + .../roles}/netstat-access/tasks/ec2.yml | 0 aws/roles/netstat-access/tasks/main.yml | 4 + .../roles}/validator-access/tasks/ec2.yml | 0 aws/roles/validator-access/tasks/main.yml | 4 + aws/site.yml | 19 +++ aws/validator.yml | 111 ++++++++++++++++++ bootnode.yml | 105 +---------------- explorer.yml | 86 +------------- group_vars/all.example | 56 +-------- group_vars/all.network | 55 --------- group_vars/bootnode.example | 10 ++ group_vars/explorer.example | 9 ++ group_vars/moc.example | 7 ++ group_vars/netstat.example | 9 ++ group_vars/validator.example | 7 ++ hosts.example | 2 +- moc.yml | 86 +------------- netstat.yml | 86 +------------- roles/bootnode-access/tasks/main.yml | 8 -- roles/bootnode/defaults/main.yml | 11 +- .../handlers/main.yml | 0 roles/bootnode/meta/main.yml | 11 ++ roles/bootnode/tasks/main.yml | 25 +--- .../tasks/ufw.yml | 0 roles/explorer-access/tasks/main.yml | 8 -- roles/explorer/defaults/main.yml | 11 +- roles/explorer/handlers/main.yml | 3 + roles/explorer/meta/main.yml | 8 ++ roles/explorer/tasks/main.yml | 25 +--- .../tasks/ufw.yml | 0 roles/explorer/vars/main.yml | 1 - 
roles/moc-access/handlers/main.yml | 3 - roles/moc-access/tasks/main.yml | 8 -- roles/moc/defaults/main.yml | 6 +- .../handlers/main.yml | 0 roles/moc/meta/main.yml | 8 ++ roles/moc/tasks/main.yml | 25 +--- roles/{moc-access => moc}/tasks/ufw.yml | 0 roles/netstat-access/handlers/main.yml | 3 - roles/netstat-access/tasks/main.yml | 8 -- roles/netstat/defaults/main.yml | 8 -- roles/netstat/handlers/main.yml | 3 + roles/netstat/meta/main.yml | 6 + roles/netstat/tasks/main.yml | 11 +- .../{netstat-access => netstat}/tasks/ufw.yml | 0 roles/netstat/vars/main.yml | 1 - roles/preconf/tasks/keys.yml | 7 ++ roles/preconf/tasks/logs.yml | 7 ++ roles/preconf/tasks/main.yml | 5 + roles/preconf/tasks/spec.yml | 5 + roles/validator-access/handlers/main.yml | 3 - roles/validator-access/tasks/main.yml | 8 -- roles/validator/defaults/main.yml | 5 + roles/validator/handlers/main.yml | 3 + roles/validator/meta/main.yml | 8 ++ roles/validator/tasks/main.yml | 21 ---- .../tasks/ufw.yml | 0 site.yml | 103 +++------------- validator.yml | 105 +---------------- 77 files changed, 788 insertions(+), 827 deletions(-) create mode 100644 aws/ansible.cfg create mode 100644 aws/bootnode.yml create mode 100644 aws/explorer.yml create mode 100644 aws/group_vars/bootnode.yml.example create mode 100644 aws/group_vars/explorer.yml.example create mode 100644 aws/group_vars/moc.yml.example create mode 100644 aws/group_vars/netstat.yml.example create mode 100644 aws/group_vars/validator.yml.example create mode 100644 aws/hosts.example create mode 100644 aws/moc.yml create mode 100644 aws/netstat.yml rename {roles => aws/roles}/bootnode-access/tasks/ec2.yml (100%) create mode 100644 aws/roles/bootnode-access/tasks/main.yml rename {roles => aws/roles}/explorer-access/tasks/ec2.yml (100%) create mode 100644 aws/roles/explorer-access/tasks/main.yml rename {roles => aws/roles}/moc-access/tasks/ec2.yml (100%) create mode 100644 aws/roles/moc-access/tasks/main.yml rename {roles => 
aws/roles}/netstat-access/tasks/ec2.yml (100%) create mode 100644 aws/roles/netstat-access/tasks/main.yml rename {roles => aws/roles}/validator-access/tasks/ec2.yml (100%) create mode 100644 aws/roles/validator-access/tasks/main.yml create mode 100644 aws/site.yml create mode 100644 aws/validator.yml delete mode 100644 roles/bootnode-access/tasks/main.yml rename roles/{bootnode-access => bootnode}/handlers/main.yml (100%) create mode 100644 roles/bootnode/meta/main.yml rename roles/{bootnode-access => bootnode}/tasks/ufw.yml (100%) delete mode 100644 roles/explorer-access/tasks/main.yml create mode 100644 roles/explorer/meta/main.yml rename roles/{explorer-access => explorer}/tasks/ufw.yml (100%) delete mode 100644 roles/explorer/vars/main.yml delete mode 100644 roles/moc-access/handlers/main.yml delete mode 100644 roles/moc-access/tasks/main.yml rename roles/{explorer-access => moc}/handlers/main.yml (100%) create mode 100644 roles/moc/meta/main.yml rename roles/{moc-access => moc}/tasks/ufw.yml (100%) delete mode 100644 roles/netstat-access/handlers/main.yml delete mode 100644 roles/netstat-access/tasks/main.yml create mode 100644 roles/netstat/meta/main.yml rename roles/{netstat-access => netstat}/tasks/ufw.yml (100%) delete mode 100644 roles/netstat/vars/main.yml create mode 100644 roles/preconf/tasks/keys.yml create mode 100644 roles/preconf/tasks/logs.yml create mode 100644 roles/preconf/tasks/spec.yml delete mode 100644 roles/validator-access/handlers/main.yml delete mode 100644 roles/validator-access/tasks/main.yml create mode 100644 roles/validator/defaults/main.yml create mode 100644 roles/validator/handlers/main.yml create mode 100644 roles/validator/meta/main.yml rename roles/{validator-access => validator}/tasks/ufw.yml (100%) diff --git a/Vagrantfile b/Vagrantfile index c6425d1..a995204 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -19,6 +19,7 @@ Vagrant.configure("2") do |config| node.vm.hostname = machine node.vm.provision :ansible do |ansible| + ansible.compatibility_mode = "2.0" ansible.playbook = "site.yml" ansible.groups = { "validator" => ["validator"], diff --git a/aws/ansible.cfg b/aws/ansible.cfg new file mode 100644 index 0000000..1b7798d --- /dev/null +++ b/aws/ansible.cfg @@ -0,0 +1,16 @@ +# config file for ansible -- http://ansible.com/ +[defaults] + +remote_tmp = $HOME/.ansible/tmp +forks = 20 +gathering = implicit +# SSH timeout +timeout = 10 +host_key_checking = False + +remote_user = root +ansible_managed = This file is managed by ansible + +[ssh_connection] +pipelining = True +scp_if_ssh = True diff --git a/aws/bootnode.yml b/aws/bootnode.yml new file mode 100644 index 0000000..30f163e --- /dev/null +++ b/aws/bootnode.yml 
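Review bot: `host_key_checking = False` under `[defaults]` in aws/ansible.cfg switches off SSH host-key verification for every connection made from this directory, not only the first contact with a freshly launched instance, so a redirected connection would go unnoticed. If the setting exists because new EC2 hosts have unknown keys, say so in the comment above it, and consider keeping checking on and seeding known_hosts from the instance console output instead. Separately, `remote_user = root` is overridden by `user: ubuntu` in every aws playbook in this patch, so either drop it or document which plays rely on it.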
@@ -0,0 +1,111 @@ +--- +- name: Create bootnode security group + hosts: localhost + gather_facts: False + tasks: + - name: Create Security group + ec2_group: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + name: "{{ bootnode_security_group }}" + description: "Default security group" + region: "{{ region }}" + purge_rules_egress: false + purge_rules: false + rules: + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: + - proto: all + from_port: all + to_port: all + cidr_ip: 0.0.0.0/0 + tags: bootnode + + +- name: Create bootnode + hosts: localhost + gather_facts: False + vars: + volumes: + - device_name: /dev/sda1 + volume_size: 128 + delete_on_termination: true + tasks: + - name: Launch instance + ec2: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + key_name: "{{ awskeypair_name }}" + instance_tags: + Name: "{{ bootnode_instance_name }}" + group: "{{ bootnode_security_group }}" + instance_type: "{{ bootnode_instance_type }}" + image: "{{ image }}" + count: "{{ bootnode_count_instances }}" + wait: yes + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + volumes: "{{ volumes }}" + assign_public_ip: yes + register: ec2 + - name: Add new instance to host group + add_host: hostname={{ item.public_ip }} groupname=launched + with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started + with_items: "{{ ec2.instances }}" + tags: bootnode + +- name: Installing python + hosts: all + hosts: launched + gather_facts: False + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + tasks: + - name: Install python + raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) + +- name: Configure instance(s) + hosts: launched + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + gather_facts: True + roles: + - preconf + tags: preconf + tasks: + - name: 
restart machine after setup + shell: shutdown -r 1 + +- name: Create bootnode elastic ip + hosts: localhost + gather_facts: False + tasks: + - name: associate elastic ip for bootnode + ec2_eip: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + region: "{{ region }}" + reuse_existing_ip_allowed: yes + state: present + in_vpc: yes + device_id: "{{ ec2.instance_ids[0] }}" + register: instance_elastic_ip + when: associate_bootnode_elastic_ip == true + + - debug: var=instance_elastic_ip.public_ip + when: associate_bootnode_elastic_ip == true + +- name: EC2 access setup + hosts: bootnode + become: True + roles: + - bootnode-access \ No newline at end of file diff --git a/aws/explorer.yml b/aws/explorer.yml new file mode 100644 index 0000000..59f6399 --- /dev/null +++ b/aws/explorer.yml 
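Review bot: The play `Installing python` declares `hosts:` twice (`hosts: all`, then `hosts: launched`); most YAML loaders silently keep the last value and stricter ones reject the file, so delete `hosts: all`. The same duplicate appears in aws/explorer.yml, aws/moc.yml, aws/netstat.yml and aws/validator.yml. In the security-group task the SSH rule is `cidr_ip: 0.0.0.0/0` together with `purge_rules: false`, so every bootnode stays reachable on port 22 from anywhere and previously added rules are never cleaned up; a variable for the allowed source range (for example `cidr_ip: "{{ ssh_cidr | default('0.0.0.0/0') }}"`, name chosen here) would let operators narrow it without editing the playbook.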
@@ -0,0 +1,92 @@ +--- +- name: Create explorer security group + hosts: localhost + gather_facts: False + tasks: + - name: Create Security group + ec2_group: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + name: "{{ explorer_security_group }}" + description: "Default security group" + region: "{{ region }}" + purge_rules_egress: false + purge_rules: false + rules: + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: + - proto: all + from_port: all + to_port: all + cidr_ip: 0.0.0.0/0 + tags: explorer + + +- name: Create explorer + hosts: localhost + gather_facts: False + vars: + volumes: + - device_name: /dev/sda1 + volume_size: 128 + delete_on_termination: true + tasks: + - name: Launch instance + ec2: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + key_name: "{{ awskeypair_name }}" + instance_tags: + Name: "{{ explorer_instance_name }}" + group: "{{ explorer_security_group }}" + instance_type: "{{ explorer_instance_type }}" + image: "{{ image }}" + count: "{{ explorer_count_instances }}" + wait: yes + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + volumes: "{{ volumes }}" + assign_public_ip: yes + register: ec2 + - name: Add new instance to host group + add_host: hostname={{ item.public_ip }} groupname=launched + with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started + with_items: "{{ ec2.instances }}" + tags: explorer + +- name: Installing python + hosts: all + hosts: launched + gather_facts: False + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + tasks: + - name: Install python + raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) + +- name: Configure instance(s) + hosts: launched + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + gather_facts: True + roles: + - preconf + tags: preconf + tasks: + - name: 
restart machine after setup + shell: shutdown -r 1 + +- name: EC2 access setup + hosts: explorer + become: True + roles: + - explorer-access \ No newline at end of file diff --git a/aws/group_vars/bootnode.yml.example b/aws/group_vars/bootnode.yml.example new file mode 100644 index 0000000..51acc15 --- /dev/null +++ b/aws/group_vars/bootnode.yml.example @@ -0,0 +1,11 @@ +bootnode_instance_type: "t2.large" +bootnode_instance_name: "bootnode" +bootnode_count_instances: "1" + +bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security" + +associate_bootnode_elastic_ip: false + +allow_bootnode_ssh: true +allow_bootnode_p2p: true +allow_bootnode_rpc: false diff --git a/aws/group_vars/explorer.yml.example b/aws/group_vars/explorer.yml.example new file mode 100644 index 0000000..d081fa9 --- /dev/null +++ b/aws/group_vars/explorer.yml.example @@ -0,0 +1,9 @@ +explorer_instance_type: "t2.large" +explorer_instance_name: "explorer" +explorer_count_instances: "1" + +explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security" + +allow_explorer_ssh: true +allow_explorer_p2p: true +allow_explorer_http: true diff --git a/aws/group_vars/moc.yml.example b/aws/group_vars/moc.yml.example new file mode 100644 index 0000000..cae0c05 --- /dev/null +++ b/aws/group_vars/moc.yml.example @@ -0,0 +1,5 @@ +moc_instance_type: "t2.large" +moc_instance_name: "moc" +moc_count_instances: "1" + +moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security" diff --git a/aws/group_vars/netstat.yml.example b/aws/group_vars/netstat.yml.example new file mode 100644 index 0000000..5327c8a --- /dev/null +++ b/aws/group_vars/netstat.yml.example @@ -0,0 +1,5 @@ +netstat_instance_type: "t2.large" +netstat_instance_name: "netstat" +netstat_count_instances: "1" + +netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security" 
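Review bot: aws/group_vars/moc.yml.example, aws/group_vars/netstat.yml.example and aws/group_vars/validator.yml.example carry no `allow_*_ssh`/`allow_*_p2p`/`allow_*_http` keys, while the bootnode and explorer examples do and group_vars/all.example drops the `allow_moc_*`, `allow_netstat_*` and `allow_validator_*` flags it used to define. If the renamed ec2.yml task files still read those variables (they are not shown in this patch), a run against the moc, netstat or validator groups will stop on an undefined variable; add the flags to the three example files or note in each file where they are now expected to come from. Also `moc_count_instances: "1"` is a quoted string handed to the ec2 module's `count`; an unquoted `1` states the intent more clearly.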
diff --git a/aws/group_vars/validator.yml.example b/aws/group_vars/validator.yml.example new file mode 100644 index 0000000..00efc92 --- /dev/null +++ b/aws/group_vars/validator.yml.example @@ -0,0 +1,6 @@ +validator_instance_type: "t2.large" +validator_instance_name: "validator" +validator_count_instances: "1" + +validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security" +associate_validator_elastic_ip: false diff --git a/aws/hosts.example b/aws/hosts.example new file mode 100644 index 0000000..5c02a56 --- /dev/null +++ b/aws/hosts.example @@ -0,0 +1,26 @@ +# This is the default ansible 'hosts' file. +# +# It should live in /etc/ansible/hosts +# +# - Comments begin with the '#' character +# - Blank lines are ignored +# - Groups of hosts are delimited by [header] elements +# - You can enter hostnames or ip addresses +# - A hostname/ip can be a member of multiple groups + +[bootnode] + +[moc] + +[netstat] + +[validator] + +[explorer] + +[poa:children] +bootnode +moc +netstat +validator +explorer \ No newline at end of file diff --git a/aws/moc.yml b/aws/moc.yml new file mode 100644 index 0000000..3165dac --- /dev/null +++ b/aws/moc.yml 
@@ -0,0 +1,92 @@ +--- +- name: Create moc security group + hosts: localhost + gather_facts: False + tasks: + - name: Create Security group + ec2_group: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + name: "{{ moc_security_group }}" + description: "Default security group" + region: "{{ region }}" + purge_rules_egress: false + purge_rules: false + rules: + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: + - proto: all + from_port: all + to_port: all + cidr_ip: 0.0.0.0/0 + tags: moc + + +- name: Create moc + hosts: localhost + gather_facts: False + vars: + volumes: + - device_name: /dev/sda1 + volume_size: 128 + delete_on_termination: true + tasks: + - name: Launch instance + ec2: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + key_name: "{{ awskeypair_name }}" + instance_tags: + Name: "{{ moc_instance_name }}" + group: "{{ moc_security_group }}" + instance_type: "{{ moc_instance_type }}" + image: "{{ image }}" + count: "{{ moc_count_instances }}" + wait: yes + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + volumes: "{{ volumes }}" + assign_public_ip: yes + register: ec2 + - name: Add new instance to host group + add_host: hostname={{ item.public_ip }} groupname=launched + with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started + with_items: "{{ ec2.instances }}" + tags: moc + +- name: Installing python + hosts: all + hosts: launched + gather_facts: False + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + tasks: + - name: Install python + raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) + +- name: Configure instance(s) + hosts: launched + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + gather_facts: True + roles: + - preconf + tags: preconf + tasks: + - name: restart machine after setup + shell: shutdown -r 
1 + +- name: EC2 access setup + hosts: moc + become: True + roles: + - moc-access \ No newline at end of file diff --git a/aws/netstat.yml b/aws/netstat.yml new file mode 100644 index 0000000..5686644 --- /dev/null +++ b/aws/netstat.yml 
@@ -0,0 +1,92 @@ +--- +- name: Create netstat security group + hosts: localhost + gather_facts: False + tasks: + - name: Create Security group + ec2_group: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + name: "{{ netstat_security_group }}" + description: "Default security group" + region: "{{ region }}" + purge_rules_egress: false + purge_rules: false + rules: + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: + - proto: all + from_port: all + to_port: all + cidr_ip: 0.0.0.0/0 + tags: netstat + + +- name: Create netstat + hosts: localhost + gather_facts: False + vars: + volumes: + - device_name: /dev/sda1 + volume_size: 128 + delete_on_termination: true + tasks: + - name: Launch instance + ec2: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + key_name: "{{ awskeypair_name }}" + instance_tags: + Name: "{{ netstat_instance_name }}" + group: "{{ netstat_security_group }}" + instance_type: "{{ netstat_instance_type }}" + image: "{{ image }}" + count: "{{ netstat_count_instances }}" + wait: yes + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + volumes: "{{ volumes }}" + assign_public_ip: yes + register: ec2 + - name: Add new instance to host group + add_host: hostname={{ item.public_ip }} groupname=launched + with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started + with_items: "{{ ec2.instances }}" + tags: netstat + +- name: Installing python + hosts: all + hosts: launched + gather_facts: False + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + tasks: + - name: Install python + raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) + +- name: Configure instance(s) + hosts: launched + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + gather_facts: True + roles: + - preconf + tags: preconf + tasks: + - name: restart 
machine after setup + shell: shutdown -r 1 + +- name: EC2 access setup + hosts: netstat + become: True + roles: + - netstat-access \ No newline at end of file diff --git a/roles/bootnode-access/tasks/ec2.yml b/aws/roles/bootnode-access/tasks/ec2.yml similarity index 100% rename from roles/bootnode-access/tasks/ec2.yml rename to aws/roles/bootnode-access/tasks/ec2.yml diff --git a/aws/roles/bootnode-access/tasks/main.yml b/aws/roles/bootnode-access/tasks/main.yml new file mode 100644 index 0000000..a6e0567 --- /dev/null +++ b/aws/roles/bootnode-access/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup EC2 firewall + import_tasks: ec2.yml + when: ansible_bios_version | search("amazon") diff --git a/roles/explorer-access/tasks/ec2.yml b/aws/roles/explorer-access/tasks/ec2.yml similarity index 100% rename from roles/explorer-access/tasks/ec2.yml rename to aws/roles/explorer-access/tasks/ec2.yml diff --git a/aws/roles/explorer-access/tasks/main.yml b/aws/roles/explorer-access/tasks/main.yml new file mode 100644 index 0000000..a6e0567 --- /dev/null +++ b/aws/roles/explorer-access/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup EC2 firewall + import_tasks: ec2.yml + when: ansible_bios_version | search("amazon") diff --git a/roles/moc-access/tasks/ec2.yml b/aws/roles/moc-access/tasks/ec2.yml similarity index 100% rename from roles/moc-access/tasks/ec2.yml rename to aws/roles/moc-access/tasks/ec2.yml diff --git a/aws/roles/moc-access/tasks/main.yml b/aws/roles/moc-access/tasks/main.yml new file mode 100644 index 0000000..a6e0567 --- /dev/null +++ b/aws/roles/moc-access/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup EC2 firewall + import_tasks: ec2.yml + when: ansible_bios_version | search("amazon") diff --git a/roles/netstat-access/tasks/ec2.yml b/aws/roles/netstat-access/tasks/ec2.yml similarity index 100% rename from roles/netstat-access/tasks/ec2.yml rename to aws/roles/netstat-access/tasks/ec2.yml 
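Review bot: `when: ansible_bios_version | search("amazon")` in aws/roles/bootnode-access/tasks/main.yml uses the `search` test through the filter pipe, which Ansible 2.5 reports as deprecated; write `when: ansible_bios_version is search("amazon")`. The condition also needs gathered facts, so the `EC2 access setup` plays that apply these roles must not set `gather_facts: False` (they currently leave the default). The same line is in the explorer-access, moc-access, netstat-access and validator-access tasks/main.yml files of this patch.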
diff --git a/aws/roles/netstat-access/tasks/main.yml b/aws/roles/netstat-access/tasks/main.yml new file mode 100644 index 0000000..a6e0567 --- /dev/null +++ b/aws/roles/netstat-access/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup EC2 firewall + import_tasks: ec2.yml + when: ansible_bios_version | search("amazon") diff --git a/roles/validator-access/tasks/ec2.yml b/aws/roles/validator-access/tasks/ec2.yml similarity index 100% rename from roles/validator-access/tasks/ec2.yml rename to aws/roles/validator-access/tasks/ec2.yml diff --git a/aws/roles/validator-access/tasks/main.yml b/aws/roles/validator-access/tasks/main.yml new file mode 100644 index 0000000..a6e0567 --- /dev/null +++ b/aws/roles/validator-access/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Setup EC2 firewall + import_tasks: ec2.yml + when: ansible_bios_version | search("amazon") diff --git a/aws/site.yml b/aws/site.yml new file mode 100644 index 0000000..9e34770 --- /dev/null +++ b/aws/site.yml @@ -0,0 +1,19 @@ +- name: Bootnode deployment + import_playbook: bootnode.yml + tags: bootnode + +- name: Explorer deployment + import_playbook: explorer.yml + tags: explorer + +- name: Moc deployment + import_playbook: moc.yml + tags: moc + +- name: Netstat deployment + import_playbook: netstat.yml + tags: netstat + +- name: Validator deployment + import_playbook: validator.yml + tags: validator diff --git a/aws/validator.yml b/aws/validator.yml new file mode 100644 index 0000000..6541b76 --- /dev/null +++ b/aws/validator.yml 
@@ -0,0 +1,111 @@ +--- +- name: Create validator security group + hosts: localhost + gather_facts: False + tasks: + - name: Create Security group + ec2_group: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + name: "{{ validator_security_group }}" + description: "Default security group" + region: "{{ region }}" + purge_rules_egress: false + purge_rules: false + rules: + - proto: tcp + from_port: 22 + to_port: 22 + cidr_ip: 0.0.0.0/0 + rules_egress: + - proto: all + from_port: all + to_port: all + cidr_ip: 0.0.0.0/0 + tags: validator + + +- name: Create validator + hosts: localhost + gather_facts: False + vars: + volumes: + - device_name: /dev/sda1 + volume_size: 128 + delete_on_termination: true + tasks: + - name: Launch instance + ec2: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + key_name: "{{ awskeypair_name }}" + instance_tags: + Name: "{{ validator_instance_name }}" + group: "{{ validator_security_group }}" + instance_type: "{{ validator_instance_type }}" + image: "{{ image }}" + count: "{{ validator_count_instances }}" + wait: yes + region: "{{ region }}" + vpc_subnet_id: "{{ vpc_subnet_id }}" + volumes: "{{ volumes }}" + assign_public_ip: yes + register: ec2 + - name: Add new instance to host group + add_host: hostname={{ item.public_ip }} groupname=launched + with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started + with_items: "{{ ec2.instances }}" + tags: validator + +- name: Installing python + hosts: all + hosts: launched + gather_facts: False + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + tasks: + - name: Install python + raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) + +- name: Configure instance(s) + hosts: launched + user: ubuntu + become: True + vars: + ansible_ssh_port: 22 + gather_facts: True + roles: + - preconf + tags: preconf + tasks: + - 
name: restart machine after setup + shell: shutdown -r 1 + +- name: Create validator elastic ip + hosts: localhost + gather_facts: False + tasks: + - name: associate elastic ip for validator + ec2_eip: + ec2_access_key: "{{ access_key }}" + ec2_secret_key: "{{ secret_key }}" + region: "{{ region }}" + reuse_existing_ip_allowed: yes + state: present + in_vpc: yes + device_id: "{{ ec2.instance_ids[0] }}" + register: instance_elastic_ip + when: associate_validator_elastic_ip == true + + - debug: var=instance_elastic_ip.public_ip + when: associate_validator_elastic_ip == true + +- name: EC2 access setup + hosts: validator + become: True + roles: + - validator-access \ No newline at end of file diff --git a/bootnode.yml b/bootnode.yml index 874b0f4..bb8f9ba 100644 --- a/bootnode.yml +++ b/bootnode.yml 
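Review bot: `device_id: "{{ ec2.instance_ids[0] }}"` associates the elastic IP with the first launched instance only, although `validator_count_instances` makes the count configurable; either loop the task over `ec2.instance_ids` with `with_items` or state in the task name that only the first instance receives an address. The same applies to the `associate elastic ip for bootnode` task in aws/bootnode.yml. Also `when: associate_validator_elastic_ip == true` stops the play on an undefined variable when a group file omits the key; `when: associate_validator_elastic_ip | default(false) | bool` keeps the play usable without it.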
@@ -1,105 +1,4 @@ ---- -- name: Create bootnode security group - hosts: localhost - gather_facts: False - tasks: - - name: Create Security group - ec2_group: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - name: "{{ bootnode_security_group }}" - description: "Default security group" - region: "{{ region }}" - purge_rules_egress: false - purge_rules: false - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - from_port: all - to_port: all - cidr_ip: 0.0.0.0/0 - tags: bootnode - - -- name: Create bootnode - hosts: localhost - gather_facts: False - vars: - volumes: - - device_name: /dev/sda1 - volume_size: 128 - delete_on_termination: true - tasks: - - name: Launch instance - ec2: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - key_name: "{{ awskeypair_name }}" - instance_tags: - Name: "{{ bootnode_instance_name }}" - group: "{{ bootnode_security_group }}" - instance_type: "{{ bootnode_instance_type }}" - image: "{{ image }}" - count: "{{ bootnode_count_instances }}" - wait: yes - region: "{{ region }}" - vpc_subnet_id: "{{ vpc_subnet_id }}" - volumes: "{{ volumes }}" - assign_public_ip: yes - register: ec2 - - name: Add new instance to host group - add_host: hostname={{ item.public_ip }} groupname=launched - with_items: "{{ ec2.instances }}" - - name: Wait for SSH to come up - wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started - with_items: "{{ ec2.instances }}" - tags: bootnode - -- name: Installing python - hosts: all - hosts: launched - gather_facts: False - user: ubuntu +- hosts: bootnode become: True - vars: - ansible_ssh_port: 22 - tasks: - - name: Install python - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) - -- name: Configure instance(s) - hosts: launched - user: ubuntu - become: True - vars: - ansible_ssh_port: 22 - gather_facts: True roles: - - preconf - tags: preconf - 
tasks: - - name: restart machine after setup - shell: shutdown -r 1 - -- name: Create bootnode elastic ip - hosts: localhost - gather_facts: False - tasks: - - name: associate elastic ip for bootnode - ec2_eip: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - region: "{{ region }}" - reuse_existing_ip_allowed: yes - state: present - in_vpc: yes - device_id: "{{ ec2.instance_ids[0] }}" - register: instance_elastic_ip - when: associate_bootnode_elastic_ip == true - - - debug: var=instance_elastic_ip.public_ip - when: associate_bootnode_elastic_ip == true + - bootnode diff --git a/explorer.yml b/explorer.yml index a82b7d6..6c6360b 100644 --- a/explorer.yml +++ b/explorer.yml 
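Review bot: The rewritten bootnode.yml drops the `---` document start and the new play has no `name:`, so it is reported only as `PLAY [bootnode]`; opening with `---` and `- name: Bootnode deployment` keeps it consistent with the aws/ playbooks in this patch, which still start with `---`. The explorer.yml hunk below has the same shape.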
@@ -1,86 +1,4 @@ ---- -- name: Create explorer security group - hosts: localhost - gather_facts: False - tasks: - - name: Create Security group - ec2_group: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - name: "{{ explorer_security_group }}" - description: "Default security group" - region: "{{ region }}" - purge_rules_egress: false - purge_rules: false - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - from_port: all - to_port: all - cidr_ip: 0.0.0.0/0 - tags: explorer - - -- name: Create explorer - hosts: localhost - gather_facts: False - vars: - volumes: - - device_name: /dev/sda1 - volume_size: 128 - delete_on_termination: true - tasks: - - name: Launch instance - ec2: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - key_name: "{{ awskeypair_name }}" - instance_tags: - Name: "{{ explorer_instance_name }}" - group: "{{ explorer_security_group }}" - instance_type: "{{ explorer_instance_type }}" - image: "{{ image }}" - count: "{{ explorer_count_instances }}" - wait: yes - region: "{{ region }}" - vpc_subnet_id: "{{ vpc_subnet_id }}" - volumes: "{{ volumes }}" - assign_public_ip: yes - register: ec2 - - name: Add new instance to host group - add_host: hostname={{ item.public_ip }} groupname=launched - with_items: "{{ ec2.instances }}" - - name: Wait for SSH to come up - wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started - with_items: "{{ ec2.instances }}" - tags: explorer - -- name: Installing python - hosts: all - hosts: launched - gather_facts: False - user: ubuntu +- hosts: explorer become: True - vars: - ansible_ssh_port: 22 - tasks: - - name: Install python - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) - -- name: Configure instance(s) - hosts: launched - user: ubuntu - become: True - vars: - ansible_ssh_port: 22 - gather_facts: True roles: - - preconf - tags: preconf - 
tasks: - - name: restart machine after setup - shell: shutdown -r 1 + - explorer \ No newline at end of file diff --git a/group_vars/all.example b/group_vars/all.example index 5a29151..fe40cae 100644 --- a/group_vars/all.example +++ b/group_vars/all.example 
@@ -45,58 +45,4 @@ NODE_SOURCE_DEB: "https://deb.nodesource.com/node_8.x" PARITY_BIN_LOC: "https://d1h4xl4cr1h0mo.cloudfront.net/v1.9.2/x86_64-unknown-linux-gnu/parity" PARITY_BIN_SHA256: "3604a030388cd2c22ebe687787413522106c697610426e09b3c5da4fe70bbd33" ORCHESTRATOR_BIN_LOC: "" -ORCHESTRATOR_BIN_SHA256: "" - -#bootnode -bootnode_instance_type: "t2.large" -bootnode_instance_name: "bootnode" -bootnode_count_instances: "1" -bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security" -bootnode_archive: "off" -bootnode_orchestrator: "off" - -#netstat -netstat_instance_type: "t2.large" -netstat_instance_name: "netstat" -netstat_count_instances: "1" -netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security" - -#validator -validator_instance_type: "t2.large" -validator_instance_name: "validator" -validator_count_instances: "1" -validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security" -validator_archive: "off" - -#moc -moc_instance_type: "t2.large" -moc_instance_name: "moc" -moc_count_instances: "1" -moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security" -moc_archive: "off" - -#explorer -explorer_instance_type: "t2.large" -explorer_instance_name: "explorer" -explorer_count_instances: "1" -explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security" - -#restrict network access to instances -allow_bootnode_ssh: true -allow_bootnode_p2p: true -allow_bootnode_rpc: true -associate_bootnode_elastic_ip: false - -allow_explorer_ssh: true -allow_explorer_p2p: true -allow_explorer_http: true - -allow_moc_ssh: true -allow_moc_p2p: true - -allow_netstat_ssh: true -allow_netstat_http: true - -allow_validator_ssh: true -allow_validator_p2p: true -associate_validator_elastic_ip: false +ORCHESTRATOR_BIN_SHA256: "" \ No newline at end of file diff --git a/group_vars/all.network b/group_vars/all.network index f9c703d..83cbef8 100644 
--- a/group_vars/all.network +++ b/group_vars/all.network @@ -23,58 +23,3 @@ GENESIS_NETWORK_NAME: "PoA" MOC_ADDRESS: "0xdd0bb0e2a1594240fed0c2f2c17c1e9ab4f87126" BLK_GAS_LIMIT: "6700000" -#bootnode -bootnode_instance_type: "t2.large" -bootnode_instance_name: "bootnode" -bootnode_count_instances: "1" -bootnode_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-bootnode-security" -bootnode_archive: "off" -bootnode_orchestrator: "off" - -#netstat -netstat_instance_type: "t2.large" -netstat_instance_name: "netstat" -netstat_count_instances: "1" -netstat_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-netstat-security" - -#validator -validator_instance_type: "t2.large" -validator_instance_name: "validator" -validator_count_instances: "1" -validator_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-validator-security" -validator_archive: "off" - -#moc -moc_instance_type: "t2.large" -moc_instance_name: "moc" -moc_count_instances: "1" -moc_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-moc-security" -moc_archive: "off" - -#explorer -explorer_instance_type: "t2.large" -explorer_instance_name: "explorer" -explorer_count_instances: "1" -explorer_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-explorer-security" - -#restrict network access to instances -allow_bootnode_ssh: true -allow_bootnode_p2p: true -allow_bootnode_rpc: true -associate_bootnode_elastic_ip: false - -allow_explorer_ssh: true -allow_explorer_p2p: true -allow_explorer_http: true - -allow_moc_ssh: true -allow_moc_p2p: true - -allow_netstat_ssh: true -allow_netstat_http: true - -allow_validator_ssh: true -allow_validator_p2p: true -associate_validator_elastic_ip: false - -################################################################ diff --git a/group_vars/bootnode.example b/group_vars/bootnode.example index 5af1683..6448313 100644 --- a/group_vars/bootnode.example +++ b/group_vars/bootnode.example 
@@ -9,3 +9,13 @@ NODE_ADMIN_EMAIL: "INSERT@EMAIL" NETSTATS_SERVER: "INSERT FULL URL" NETSTATS_SECRET: "INSERT SECRET" + +username: "bootnode" +users: + - name: "{{ username }}" +home: "/home/{{ username }}" +nginx_headers: "on" +PROXY_PORT: "8545" + +bootnode_archive: "off" +bootnode_orchestrator: "off" \ No newline at end of file diff --git a/group_vars/explorer.example b/group_vars/explorer.example index d89e1a7..71597ec 100644 --- a/group_vars/explorer.example +++ b/group_vars/explorer.example @@ -3,3 +3,12 @@ secret_key: "INSERT SECRET HERE" awskeypair_name: "keypairname" vpc_subnet_id: "subnet-ID-number" + +username: "explorer" +users: + - name: "{{ username }}" +home: "/home/{{ username }}" + +nginx_headers: "off" +PROXY_PORT: "3000" +explorerS_SERVER: "localhost" \ No newline at end of file diff --git a/group_vars/moc.example b/group_vars/moc.example index ec506dc..545e2de 100644 --- a/group_vars/moc.example +++ b/group_vars/moc.example @@ -12,3 +12,10 @@ NETSTATS_SECRET: "INSERT SECRET" MOC_KEYPASS: "INSERT HERE" MOC_KEYFILE: 'INSERT HERE' + +username: "moc" +users: + - name: "{{ username }}" +home: "/home/{{ username }}" + +moc_archive: "off" \ No newline at end of file diff --git a/group_vars/netstat.example b/group_vars/netstat.example index 134a83c..d3cf671 100644 --- a/group_vars/netstat.example +++ b/group_vars/netstat.example @@ -8,3 +8,12 @@ NODE_FULLNAME: "INSERT NODENAME" NODE_ADMIN_EMAIL: "INSERT@EMAIL" NETSTATS_SECRET: "INSERT SECRET" + +username: "netstat" +users: + - name: "{{ username }}" +home: "/home/{{ username }}" + +nginx_headers: "off" +PROXY_PORT: "3000" +NETSTATS_SERVER: "http://localhost:3000" \ No newline at end of file diff --git a/group_vars/validator.example b/group_vars/validator.example index a03add8..01af60a 100644 --- a/group_vars/validator.example +++ b/group_vars/validator.example 
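Review bot: The `username`/`users`/`home` triplet added to group_vars/bootnode.example is now the only definition of those values for the bootnode (the role defaults drop them in this same commit), while the preconf keys.yml/logs.yml tasks and the role itself expand `{{ home }}` and `{{ username }}` unconditionally, so anyone reusing an older group_vars/bootnode file gets an undefined-variable failure with no hint. A one-line comment above the block would save that round-trip: `# username/users/home are required by the preconf and usermanager roles; do not remove`. `PROXY_PORT: "8545"` also deserves a note, since it points the nginx vhost at Parity's JSON-RPC port and so exposes whatever the node.toml template enables — presumably gated by `allow_bootnode_rpc` in ufw.yml (not in this diff), so state it: `# 8545 = Parity JSON-RPC; reachable through nginx, keep allow_bootnode_rpc false unless needed`.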
@@ -13,3 +13,10 @@ NETSTATS_SECRET: "INSERT SECRET" MINING_KEYFILE: 'INSERT HERE' MINING_ADDRESS: "INSERT HERE" MINING_KEYPASS: "INSERT HERE" + +username: "validator" +users: + - name: "{{ username }}" +home: "/home/{{ username }}" + +validator_archive: "off" \ No newline at end of file diff --git a/hosts.example b/hosts.example index 448242f..5c02a56 100644 --- a/hosts.example +++ b/hosts.example @@ -23,4 +23,4 @@ bootnode moc netstat validator -explorer +explorer \ No newline at end of file diff --git a/moc.yml b/moc.yml index 6bd3334..7e3da3b 100644 --- a/moc.yml +++ b/moc.yml 
@@ -1,86 +1,4 @@ ---- -- name: Create moc security group - hosts: localhost - gather_facts: False - tasks: - - name: Create Security group - ec2_group: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - name: "{{ moc_security_group }}" - description: "Default security group" - region: "{{ region }}" - purge_rules_egress: false - purge_rules: false - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - from_port: all - to_port: all - cidr_ip: 0.0.0.0/0 - tags: moc - - -- name: Create moc - hosts: localhost - gather_facts: False - vars: - volumes: - - device_name: /dev/sda1 - volume_size: 128 - delete_on_termination: true - tasks: - - name: Launch instance - ec2: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - key_name: "{{ awskeypair_name }}" - instance_tags: - Name: "{{ moc_instance_name }}" - group: "{{ moc_security_group }}" - instance_type: "{{ moc_instance_type }}" - image: "{{ image }}" - count: "{{ moc_count_instances }}" - wait: yes - region: "{{ region }}" - vpc_subnet_id: "{{ vpc_subnet_id }}" - volumes: "{{ volumes }}" - assign_public_ip: yes - register: ec2 - - name: Add new instance to host group - add_host: hostname={{ item.public_ip }} groupname=launched - with_items: "{{ ec2.instances }}" - - name: Wait for SSH to come up - wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started - with_items: "{{ ec2.instances }}" - tags: moc - -- name: Installing python - hosts: all - hosts: launched - gather_facts: False - user: ubuntu +- hosts: moc become: True - vars: - ansible_ssh_port: 22 - tasks: - - name: Install python - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) - -- name: Configure instance(s) - hosts: launched - user: ubuntu - become: True - vars: - ansible_ssh_port: 22 - gather_facts: True roles: - - preconf - tags: preconf - tasks: - - name: restart machine after setup - shell: 
shutdown -r 1 + - moc \ No newline at end of file diff --git a/netstat.yml b/netstat.yml index de10a0b..7dfa414 100644 --- a/netstat.yml +++ b/netstat.yml 
@@ -1,86 +1,4 @@ ---- -- name: Create netstat security group - hosts: localhost - gather_facts: False - tasks: - - name: Create Security group - ec2_group: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - name: "{{ netstat_security_group }}" - description: "Default security group" - region: "{{ region }}" - purge_rules_egress: false - purge_rules: false - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - from_port: all - to_port: all - cidr_ip: 0.0.0.0/0 - tags: netstat - - -- name: Create netstat - hosts: localhost - gather_facts: False - vars: - volumes: - - device_name: /dev/sda1 - volume_size: 128 - delete_on_termination: true - tasks: - - name: Launch instance - ec2: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - key_name: "{{ awskeypair_name }}" - instance_tags: - Name: "{{ netstat_instance_name }}" - group: "{{ netstat_security_group }}" - instance_type: "{{ netstat_instance_type }}" - image: "{{ image }}" - count: "{{ netstat_count_instances }}" - wait: yes - region: "{{ region }}" - vpc_subnet_id: "{{ vpc_subnet_id }}" - volumes: "{{ volumes }}" - assign_public_ip: yes - register: ec2 - - name: Add new instance to host group - add_host: hostname={{ item.public_ip }} groupname=launched - with_items: "{{ ec2.instances }}" - - name: Wait for SSH to come up - wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started - with_items: "{{ ec2.instances }}" - tags: netstat - -- name: Installing python - hosts: all - hosts: launched - gather_facts: False - user: ubuntu +- hosts: netstat become: True - vars: - ansible_ssh_port: 22 - tasks: - - name: Install python - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) - -- name: Configure instance(s) - hosts: launched - user: ubuntu - become: True - vars: - ansible_ssh_port: 22 - gather_facts: True roles: - - preconf - tags: preconf - tasks: - - 
name: restart machine after setup - shell: shutdown -r 1 + - netstat \ No newline at end of file diff --git a/roles/bootnode-access/tasks/main.yml b/roles/bootnode-access/tasks/main.yml deleted file mode 100644 index 0a565cc..0000000 --- a/roles/bootnode-access/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Setup ufw firewall - import_tasks: ufw.yml - when: not ansible_bios_version | search("amazon") - -- name: Setup EC2 firewall - import_tasks: ec2.yml - when: ansible_bios_version | search("amazon") diff --git a/roles/bootnode/defaults/main.yml b/roles/bootnode/defaults/main.yml index b22ff4e..60c69c8 100644 --- a/roles/bootnode/defaults/main.yml +++ b/roles/bootnode/defaults/main.yml @@ -1,14 +1,5 @@ --- -username: "bootnode" -users: - - name: "{{ username }}" -home: "/home/{{ username }}" -nginx_headers: "on" -PROXY_PORT: "8545" allow_bootnode_ssh: true allow_bootnode_p2p: true -allow_bootnode_rpc: false - -bootnode_archive: "off" -bootnode_orchestrator: "off" +allow_bootnode_rpc: false \ No newline at end of file diff --git a/roles/bootnode-access/handlers/main.yml b/roles/bootnode/handlers/main.yml similarity index 100% rename from roles/bootnode-access/handlers/main.yml rename to roles/bootnode/handlers/main.yml diff --git a/roles/bootnode/meta/main.yml b/roles/bootnode/meta/main.yml new file mode 100644 index 0000000..aaa6dc1 --- /dev/null +++ b/roles/bootnode/meta/main.yml @@ -0,0 +1,11 @@ +dependencies: + - { role: preconf } + - { role: usermanager } +# - { role: logentries } + - { role: nodejs } + - { role: poa-logrotate } + - { role: poa-parity } + - { role: poa-pm2 } + - { role: poa-netstats } + - { role: poa-orchestrator, when: "(bootnode_orchestrator or 'off') == 'on'" } + - { role: nginx } \ No newline at end of file diff --git a/roles/bootnode/tasks/main.yml b/roles/bootnode/tasks/main.yml index 8fb2616..aeac1bf 100644 --- a/roles/bootnode/tasks/main.yml +++ b/roles/bootnode/tasks/main.yml 
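Review bot: `allow_bootnode_rpc: false` is kept unchanged here, but this commit also deletes the `allow_bootnode_rpc: true` override from group_vars/all.example, so for anyone whose group_vars were built from that example the effective value silently flips from open to closed on an otherwise unchanged deployment — at the same time group_vars/bootnode.example starts pointing nginx at `PROXY_PORT: "8545"`. Closed-by-default is the right posture for a JSON-RPC port, but the flip is not mentioned in the commit message and nothing in the example advertises the knob; add above this line `# JSON-RPC (8545) firewall rule is off by default; set allow_bootnode_rpc: true in group_vars to expose it` (assuming ufw.yml keys its 8545 rule on this variable — it is not in the diff). The file also loses its trailing newline.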
@@ -1,29 +1,12 @@ --- -- name: Create directory parity_data/keys/NetworkName - file: - path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}" - state: directory - mode: 0700 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Create logs directories - file: - path: "/{{ home }}/logs/old" - state: directory - mode: 0755 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Download spec.json - get_url: url={{ item }} dest={{ home }}/ mode=0644 - with_items: - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json" - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt" - name: Create node.toml template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644 with_items: - node.toml + +- name: Setup ufw firewall + import_tasks: ufw.yml + when: not ansible_bios_version | search("amazon") #- file: path={{ home }} owner={{ username }} group={{ username }} recurse=yes diff --git a/roles/bootnode-access/tasks/ufw.yml b/roles/bootnode/tasks/ufw.yml similarity index 100% rename from roles/bootnode-access/tasks/ufw.yml rename to roles/bootnode/tasks/ufw.yml diff --git a/roles/explorer-access/tasks/main.yml b/roles/explorer-access/tasks/main.yml deleted file mode 100644 index 0a565cc..0000000 --- a/roles/explorer-access/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Setup ufw firewall - import_tasks: ufw.yml - when: not ansible_bios_version | search("amazon") - -- name: Setup EC2 firewall - import_tasks: ec2.yml - when: ansible_bios_version | search("amazon") diff --git a/roles/explorer/defaults/main.yml b/roles/explorer/defaults/main.yml index 0f05064..287e61d 100644 --- a/roles/explorer/defaults/main.yml +++ b/roles/explorer/defaults/main.yml 
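Review bot: The new `Setup ufw firewall` import is skipped whenever `ansible_bios_version` matches "amazon", and the EC2 counterpart (`ec2.yml`) is removed from this role, so on an EC2 host this playbook now configures no host firewall at all and silently relies on the aws/ tree having created a security group. Detecting EC2 from the BIOS version string is also fragile — Nitro-based instance types reportedly expose the vendor in `ansible_system_vendor` rather than in the BIOS version — and `| search` used as a boolean is deprecated as a filter since Ansible 2.5 in favour of the test form. Prefer an explicit inventory flag, e.g. `when: not (on_ec2 | default(false))`, or at least `when: ansible_bios_version is not search("amazon")`, and consider keeping ufw on EC2 as defence in depth instead of skipping it. The `Create node.toml` task above still uses `key=value` module args; native YAML (`src:`/`dest:`/`mode: "0644"`) would match the rest of the role.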
@@ -1,12 +1,5 @@ -username: "explorer" -users: - - name: "{{ username }}" -home: "/home/{{ username }}" +----- allow_explorer_ssh: true allow_explorer_p2p: true -allow_explorer_http: true - -nginx_headers: "off" -PROXY_PORT: "3000" -explorerS_SERVER: "localhost" +allow_explorer_http: true \ No newline at end of file diff --git a/roles/explorer/handlers/main.yml b/roles/explorer/handlers/main.yml index bdb6883..13a96e4 100644 --- a/roles/explorer/handlers/main.yml +++ b/roles/explorer/handlers/main.yml @@ -1,3 +1,6 @@ --- - name: restart poa-chain-explorer service: name=poa-chain-explorer state=restarted + + - name: restart ufw + service: name=ufw state=restarted \ No newline at end of file diff --git a/roles/explorer/meta/main.yml b/roles/explorer/meta/main.yml new file mode 100644 index 0000000..e42d9a3 --- /dev/null +++ b/roles/explorer/meta/main.yml @@ -0,0 +1,8 @@ +dependencies: + - { role: preconf } + - { role: usermanager } + - { role: nodejs } + - { role: poa-logrotate } + - { role: poa-parity } + - { role: poa-pm2 } + - { role: nginx } \ No newline at end of file diff --git a/roles/explorer/tasks/main.yml b/roles/explorer/tasks/main.yml index 39b2876..7bc69be 100644 --- a/roles/explorer/tasks/main.yml +++ b/roles/explorer/tasks/main.yml 
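Review bot: The new first line of roles/explorer/defaults/main.yml shows as `-----` here, whereas the other defaults files in this commit (roles/validator/defaults/main.yml, roles/bootnode/defaults/main.yml) start with the document marker `---`. If that is literal rather than an artefact of the collapsed diff, YAML reads `-----` as a plain scalar followed by a mapping at the same indentation, which is a parse error that takes the whole explorer role down; it should be exactly `---`. The file also loses its trailing newline.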
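Review bot: The added `restart ufw` handler item appears indented one column deeper than the existing `- name: restart poa-chain-explorer` item at column 0; items of one YAML sequence must share their indentation, otherwise the loader rejects the file (or, on a lenient parse, the handler is never registered and any `notify: restart ufw` fails at run time). The same handler added to roles/netstat/handlers/main.yml in this commit is flush-left — align this one to match: `- name: restart ufw` / `  service: name=ufw state=restarted`. Spacing in a collapsed diff is not fully reliable, so please confirm against the raw file.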
@@ -1,25 +1,4 @@ --- -- name: Create directory parity_data/keys/NetworkName - file: - path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}" - state: directory - mode: 0700 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Create logs directories - file: - path: "/{{ home }}/logs/old" - state: directory - mode: 0755 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Download spec.json - get_url: url={{ item }} dest={{ home }}/ mode=0644 - with_items: - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json" - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt" - name: Create node.toml template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644 @@ -60,3 +39,7 @@ - name: Ensure poa-chain-explorer is running and enabled to start at boot service: name=poa-chain-explorer state=started enabled=yes + +- name: Setup ufw firewall + import_tasks: ufw.yml + when: not ansible_bios_version | search("amazon") diff --git a/roles/explorer-access/tasks/ufw.yml b/roles/explorer/tasks/ufw.yml similarity index 100% rename from roles/explorer-access/tasks/ufw.yml rename to roles/explorer/tasks/ufw.yml diff --git a/roles/explorer/vars/main.yml b/roles/explorer/vars/main.yml deleted file mode 100644 index af7e34d..0000000 --- a/roles/explorer/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -explorer_version: "acee07c" diff --git a/roles/moc-access/handlers/main.yml b/roles/moc-access/handlers/main.yml deleted file mode 100644 index af9cbcf..0000000 --- a/roles/moc-access/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart ufw - service: name=ufw state=restarted diff --git a/roles/moc-access/tasks/main.yml b/roles/moc-access/tasks/main.yml deleted file mode 100644 index 0a565cc..0000000 --- a/roles/moc-access/tasks/main.yml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -- name: Setup ufw firewall - import_tasks: ufw.yml - when: not ansible_bios_version | search("amazon") - -- name: Setup EC2 firewall - import_tasks: ec2.yml - when: ansible_bios_version | search("amazon") diff --git a/roles/moc/defaults/main.yml b/roles/moc/defaults/main.yml index 9055a04..ba5ed06 100644 --- a/roles/moc/defaults/main.yml +++ b/roles/moc/defaults/main.yml @@ -1,8 +1,4 @@ --- -username: "moc" -users: - - name: "{{ username }}" -home: "/home/{{ username }}" allow_moc_ssh: true -allow_moc_p2p: true +allow_moc_p2p: true \ No newline at end of file diff --git a/roles/explorer-access/handlers/main.yml b/roles/moc/handlers/main.yml similarity index 100% rename from roles/explorer-access/handlers/main.yml rename to roles/moc/handlers/main.yml diff --git a/roles/moc/meta/main.yml b/roles/moc/meta/main.yml new file mode 100644 index 0000000..6589e8f --- /dev/null +++ b/roles/moc/meta/main.yml @@ -0,0 +1,8 @@ +dependencies: + - { role: preconf } + - { role: usermanager } + - { role: nodejs } + - { role: poa-logrotate } + - { role: poa-parity } + - { role: poa-pm2 } + - { role: poa-netstats } \ No newline at end of file diff --git a/roles/moc/tasks/main.yml b/roles/moc/tasks/main.yml index d53ab24..4b29614 100644 --- a/roles/moc/tasks/main.yml +++ b/roles/moc/tasks/main.yml 
@@ -1,25 +1,4 @@ --- -- name: Create directory parity_data/keys/NetworkName - file: - path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}" - state: directory - mode: 0700 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Create logs directories - file: - path: "/{{ home }}/logs/old" - state: directory - mode: 0755 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Download spec.json - get_url: url={{ item }} dest={{ home }}/ mode=0644 - with_items: - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json" - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt" - name: Create node.toml template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644 @@ -60,3 +39,7 @@ path: "{{ home }}/poa-scripts-moc/distributeTokens" become: true become_user: "{{ username }}" + +- name: Setup ufw firewall + import_tasks: ufw.yml + when: not ansible_bios_version | search("amazon") \ No newline at end of file diff --git a/roles/moc-access/tasks/ufw.yml b/roles/moc/tasks/ufw.yml similarity index 100% rename from roles/moc-access/tasks/ufw.yml rename to roles/moc/tasks/ufw.yml diff --git a/roles/netstat-access/handlers/main.yml b/roles/netstat-access/handlers/main.yml deleted file mode 100644 index af9cbcf..0000000 --- a/roles/netstat-access/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart ufw - service: name=ufw state=restarted diff --git a/roles/netstat-access/tasks/main.yml b/roles/netstat-access/tasks/main.yml deleted file mode 100644 index 0a565cc..0000000 --- a/roles/netstat-access/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Setup ufw firewall - import_tasks: ufw.yml - when: not ansible_bios_version | search("amazon") - -- name: Setup EC2 firewall - import_tasks: ec2.yml - when: ansible_bios_version | search("amazon") 
diff --git a/roles/netstat/defaults/main.yml b/roles/netstat/defaults/main.yml index f1afef9..1871848 100644 --- a/roles/netstat/defaults/main.yml +++ b/roles/netstat/defaults/main.yml @@ -1,12 +1,4 @@ --- -username: "netstat" -users: - - name: "{{ username }}" -home: "/home/{{ username }}" allow_netstat_ssh: true allow_netstat_http: true - -nginx_headers: "off" -PROXY_PORT: "3000" -NETSTATS_SERVER: "http://localhost:3000" diff --git a/roles/netstat/handlers/main.yml b/roles/netstat/handlers/main.yml index 214cc14..21c72f9 100644 --- a/roles/netstat/handlers/main.yml +++ b/roles/netstat/handlers/main.yml @@ -1,3 +1,6 @@ --- - name: restart poa-dashboard service: name=poa-dashboard state=restarted + +- name: restart ufw + service: name=ufw state=restarted \ No newline at end of file diff --git a/roles/netstat/meta/main.yml b/roles/netstat/meta/main.yml new file mode 100644 index 0000000..c03c541 --- /dev/null +++ b/roles/netstat/meta/main.yml @@ -0,0 +1,6 @@ +dependencies: + - { role: preconf } + - { role: usermanager } + - { role: nodejs } + - { role: poa-logrotate } + - { role: nginx } \ No newline at end of file diff --git a/roles/netstat/tasks/main.yml b/roles/netstat/tasks/main.yml index e985d47..119bc17 100644 --- a/roles/netstat/tasks/main.yml +++ b/roles/netstat/tasks/main.yml @@ -1,11 +1,4 @@ --- -- name: Create logs directories - file: - path: "/{{ home }}/logs/old" - state: directory - mode: 0755 - owner: "{{ username }}" - group: "{{ username }}" - name: Clone poanetworks/eth-netstats repo from GitHub git: @@ -50,3 +43,7 @@ - name: Ensure poa-dashboard is running and enabled to start at boot service: name=poa-dashboard state=started enabled=yes + +- name: Setup ufw firewall + import_tasks: ufw.yml + when: not ansible_bios_version | search("amazon") \ No newline at end of file 
diff --git a/roles/netstat-access/tasks/ufw.yml b/roles/netstat/tasks/ufw.yml
similarity index 100%
rename from roles/netstat-access/tasks/ufw.yml
rename to roles/netstat/tasks/ufw.yml
diff --git a/roles/netstat/vars/main.yml b/roles/netstat/vars/main.yml
deleted file mode 100644
index 2fd30d8..0000000
--- a/roles/netstat/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-netstat_version: "cb431d6"
diff --git a/roles/preconf/tasks/keys.yml b/roles/preconf/tasks/keys.yml
new file mode 100644
index 0000000..30709b6
--- /dev/null
+++ b/roles/preconf/tasks/keys.yml
@@ -0,0 +1,7 @@
+- name: Create directory parity_data/keys/NetworkName
+ file:
+ path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}"
+ state: directory
+ mode: 0700
+ owner: "{{ username }}"
+ group: "{{ username }}"
\ No newline at end of file
diff --git a/roles/preconf/tasks/logs.yml b/roles/preconf/tasks/logs.yml
new file mode 100644
index 0000000..2db375e
--- /dev/null
+++ b/roles/preconf/tasks/logs.yml
@@ -0,0 +1,7 @@
+- name: Create logs directories
+ file:
+ path: "/{{ home }}/logs/old"
+ state: directory
+ mode: 0755
+ owner: "{{ username }}"
+ group: "{{ username }}"
\ No newline at end of file
diff --git a/roles/preconf/tasks/main.yml b/roles/preconf/tasks/main.yml
index 14d2b9a..c9091e0 100644
--- a/roles/preconf/tasks/main.yml
+++ b/roles/preconf/tasks/main.yml
@@ -9,3 +9,8 @@
 - import_tasks: chrony.yml
 - import_tasks: logrotate.yml
 - import_tasks: swap.yml
+- import_tasks: logs.yml
+- import_tasks: keys.yml
+ when: ‘netstat’ not in ansible_hostname
+- import_tasks: spec.yml
+ when: ‘netstat’ not in ansible_hostname
diff --git a/roles/preconf/tasks/spec.yml b/roles/preconf/tasks/spec.yml
new file mode 100644
index 0000000..419beeb
--- /dev/null
+++ b/roles/preconf/tasks/spec.yml
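Review bot: `path: "/{{ home }}/logs/old"` prepends a slash to a value that is already absolute (`home: "/home/{{ username }}"` in every group_vars example in this commit), producing `//home/<user>/logs/old`. Linux collapses the doubled root so the task works, but this file is now shared by every role through preconf, and a non-canonical path makes any later comparison (logrotate globs, `stat` checks) brittle; write `path: "{{ home }}/logs/old"` as keys.yml does in the same commit. Quoting the mode (`mode: "0755"`) also removes the octal/int ambiguity Ansible warns about.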
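Review bot: Both new `when:` conditions use typographic quotes — `‘netstat’` — instead of ASCII `'netstat'`; Jinja2 does not treat them as string delimiters, so the expression fails to parse and the preconf role errors on every host (and if some evaluation path were lenient, keys.yml and spec.yml would run on the netstat host as well). Beyond the quote fix, matching a substring of `ansible_hostname` is a fragile way to identify the netstat node — a bootnode named `netstat-bootnode` would skip its key directory and chain spec — so use the inventory: `when: "'netstat' not in group_names"`. Since `import_tasks` is static, the `when:` is copied onto each imported task, which is fine here but worth a one-line comment for the next reader.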
@@ -0,0 +1,5 @@
+- name: Download spec.json
+ get_url: url={{ item }} dest={{ home }}/ mode=0644
+ with_items:
+ - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json"
+ - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt"
\ No newline at end of file
diff --git a/roles/validator-access/handlers/main.yml b/roles/validator-access/handlers/main.yml
deleted file mode 100644
index af9cbcf..0000000
--- a/roles/validator-access/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart ufw
- service: name=ufw state=restarted
diff --git a/roles/validator-access/tasks/main.yml b/roles/validator-access/tasks/main.yml
deleted file mode 100644
index 0a565cc..0000000
--- a/roles/validator-access/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Setup ufw firewall
- import_tasks: ufw.yml
- when: not ansible_bios_version | search("amazon")
-
-- name: Setup EC2 firewall
- import_tasks: ec2.yml
- when: ansible_bios_version | search("amazon")
diff --git a/roles/validator/defaults/main.yml b/roles/validator/defaults/main.yml
new file mode 100644
index 0000000..37fd20d
--- /dev/null
+++ b/roles/validator/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+allow_validator_ssh: true
+allow_validator_p2p: true
+
diff --git a/roles/validator/handlers/main.yml b/roles/validator/handlers/main.yml
new file mode 100644
index 0000000..d0b2b2a
--- /dev/null
+++ b/roles/validator/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ufw
+ service: name=ufw state=restarted
\ No newline at end of file
diff --git a/roles/validator/meta/main.yml b/roles/validator/meta/main.yml
new file mode 100644
index 0000000..6589e8f
--- /dev/null
+++ b/roles/validator/meta/main.yml
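Review bot: The chain spec and bootnode list are fetched from `raw.githubusercontent.com/.../{{ GENESIS_BRANCH }}/...` with no integrity check, yet these two files decide which chain every node validates and which peers it trusts; the repo already pins `PARITY_BIN_SHA256` for the parity binary, and the same discipline belongs here. A branch name is a mutable ref, so anyone who can push to it (or a hijacked GitHub session) changes the genesis of every node on its next run. Pin `GENESIS_BRANCH` to a commit hash and give `get_url` a `checksum:` per file (new `SPEC_JSON_SHA256`/`BOOTNODES_TXT_SHA256` variables in group_vars, next to the existing `PARITY_BIN_SHA256`), or document why a moving branch is acceptable for this deployment. The task name says `Download spec.json` but also fetches `bootnodes.txt`, and the `key=value` module args should be native YAML; a combined version is sketched below.
```yaml
- name: Download chain spec and bootnode list
  get_url:
    url: "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/{{ item.name }}"
    dest: "{{ home }}/{{ item.name }}"
    mode: "0644"
    checksum: "sha256:{{ item.sha256 }}"
  with_items:
    - { name: spec.json, sha256: "{{ SPEC_JSON_SHA256 }}" }
    - { name: bootnodes.txt, sha256: "{{ BOOTNODES_TXT_SHA256 }}" }
```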
@@ -0,0 +1,8 @@ +dependencies: + - { role: preconf } + - { role: usermanager } + - { role: nodejs } + - { role: poa-logrotate } + - { role: poa-parity } + - { role: poa-pm2 } + - { role: poa-netstats } \ No newline at end of file diff --git a/roles/validator/tasks/main.yml b/roles/validator/tasks/main.yml index 8ca23ba..343ed19 100644 --- a/roles/validator/tasks/main.yml +++ b/roles/validator/tasks/main.yml @@ -1,25 +1,4 @@ --- -- name: Create directory parity_data/keys/NetworkName - file: - path: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}" - state: directory - mode: 0700 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Create logs directories - file: - path: "/{{ home }}/logs/old" - state: directory - mode: 0755 - owner: "{{ username }}" - group: "{{ username }}" - -- name: Download spec.json - get_url: url={{ item }} dest={{ home }}/ mode=0644 - with_items: - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/spec.json" - - "https://raw.githubusercontent.com/{{ MAIN_REPO_FETCH }}/poa-chain-spec/{{ GENESIS_BRANCH }}/bootnodes.txt" - name: Create node.toml template: src={{ item }}.j2 dest={{ home }}/node.toml owner=root group=root mode=0644 diff --git a/roles/validator-access/tasks/ufw.yml b/roles/validator/tasks/ufw.yml similarity index 100% rename from roles/validator-access/tasks/ufw.yml rename to roles/validator/tasks/ufw.yml diff --git a/site.yml b/site.yml index 66ea55a..9e34770 100644 --- a/site.yml +++ b/site.yml 
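Review bot: Unlike the bootnode, explorer, moc and netstat roles, which each gain a `Setup ufw firewall` import in this commit, roles/validator/tasks/main.yml only loses the directory and spec tasks — `ufw.yml` is renamed into roles/validator/tasks/ but nothing imports it, while the `validator-access` role that used to import it is deleted and dropped from site.yml. The net effect is that the validator, the host holding `MINING_KEYFILE`, ends this commit with no host firewall on non-EC2 deployments (and on EC2 only whatever aws/roles/validator-access applies). Append the same block the other roles received: `- name: Setup ufw firewall` / `  import_tasks: ufw.yml` / `  when: not ansible_bios_version | search("amazon")`. The rest of the tasks file is outside this hunk; if the import was added further down it would show as a second hunk, and none appears in the diff.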
@@ -1,84 +1,19 @@ ---- -- hosts: all - user: ubuntu - become: True -# user: root - roles: - - preconf - tags: preconf - -- hosts: bootnode - become: True - roles: - - usermanager -# - logentries - - nodejs - - bootnode - - poa-logrotate - - poa-parity - - poa-pm2 - - poa-netstats - - { role: poa-orchestrator, when: "(bootnode_orchestrator or 'off') == 'on'" } - - nginx - - bootnode-access - tags: - - bootnode - -- hosts: validator - become: True - vars: - username: "validator" - users: - - name: "validator" - home: "/home/validator" - roles: - - usermanager - - nodejs - - poa-logrotate - - poa-parity - - poa-pm2 - - poa-netstats - - validator - - validator-access - tags: - - validator - -- hosts: netstat - become: True - roles: - - usermanager - - nodejs - - poa-logrotate - - netstat - - nginx - - netstat-access - tags: - - netstat - -- hosts: explorer - become: True - roles: - - usermanager - - nodejs - - poa-logrotate - - poa-parity - - poa-pm2 - - explorer - - nginx - - explorer-access - tags: - - explorer - -- hosts: moc - become: True - roles: - - usermanager - - nodejs - - poa-logrotate - - poa-parity - - poa-pm2 - - poa-netstats - - moc - - moc-access - tags: - - moc +- name: Bootnode deployment + import_playbook: bootnode.yml + tags: bootnode + +- name: Explorer deployment + import_playbook: explorer.yml + tags: explorer + +- name: Moc deployment + import_playbook: moc.yml + tags: moc + +- name: Netstat deployment + import_playbook: netstat.yml + tags: netstat + +- name: Validator deployment + import_playbook: validator.yml + tags: validator diff --git a/validator.yml b/validator.yml index 52f2370..21205aa 100644 --- a/validator.yml +++ b/validator.yml 
@@ -1,105 +1,4 @@ ---- -- name: Create validator security group - hosts: localhost - gather_facts: False - tasks: - - name: Create Security group - ec2_group: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - name: "{{ validator_security_group }}" - description: "Default security group" - region: "{{ region }}" - purge_rules_egress: false - purge_rules: false - rules: - - proto: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - rules_egress: - - proto: all - from_port: all - to_port: all - cidr_ip: 0.0.0.0/0 - tags: validator - - -- name: Create validator - hosts: localhost - gather_facts: False - vars: - volumes: - - device_name: /dev/sda1 - volume_size: 128 - delete_on_termination: true - tasks: - - name: Launch instance - ec2: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - key_name: "{{ awskeypair_name }}" - instance_tags: - Name: "{{ validator_instance_name }}" - group: "{{ validator_security_group }}" - instance_type: "{{ validator_instance_type }}" - image: "{{ image }}" - count: "{{ validator_count_instances }}" - wait: yes - region: "{{ region }}" - vpc_subnet_id: "{{ vpc_subnet_id }}" - volumes: "{{ volumes }}" - assign_public_ip: yes - register: ec2 - - name: Add new instance to host group - add_host: hostname={{ item.public_ip }} groupname=launched - with_items: "{{ ec2.instances }}" - - name: Wait for SSH to come up - wait_for: host={{ item.public_ip }} port=22 delay=90 timeout=320 state=started - with_items: "{{ ec2.instances }}" - tags: validator - -- name: Installing python - hosts: all - hosts: launched - gather_facts: False - user: ubuntu +- hosts: validator become: True - vars: - ansible_ssh_port: 22 - tasks: - - name: Install python - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) - -- name: Configure instance(s) - hosts: launched - user: ubuntu - become: True - vars: - ansible_ssh_port: 22 - gather_facts: True roles: - - preconf - tags: 
preconf - tasks: - - name: restart machine after setup - shell: shutdown -r 1 - -- name: Create validator elastic ip - hosts: localhost - gather_facts: False - tasks: - - name: associate elastic ip for validator - ec2_eip: - ec2_access_key: "{{ access_key }}" - ec2_secret_key: "{{ secret_key }}" - region: "{{ region }}" - reuse_existing_ip_allowed: yes - state: present - in_vpc: yes - device_id: "{{ ec2.instance_ids[0] }}" - register: instance_elastic_ip - when: associate_validator_elastic_ip == true - - - debug: var=instance_elastic_ip.public_ip - when: associate_validator_elastic_ip == true + - validator \ No newline at end of file