mirror of https://github.com/poanetwork/gecko.git
ansible: Add service_playbook.yml & supporting roles
This playbook - Installs Gecko dependencies - Clones & builds ava-build/gecko - Creates an ava user - Installs Gecko in /usr/bin - Creates and installs a staking certificate - Installs Gecko as a Systemd service called "ava" - Configures /var/lib/ava/db as the database - Configures /var/log/ava as the log destination - Starts the service
This commit is contained in:
Alex Willmer
parent
bba45ed183
commit
99ca4a50af
|
|
@ -18,6 +18,7 @@ jobs:
|
|||
scripts/ansible/kill_playbook.yml
|
||||
scripts/ansible/ping_playbook.yml
|
||||
scripts/ansible/restart_playbook.yml
|
||||
scripts/ansible/service_playbook.yml
|
||||
scripts/ansible/update_playbook.yml
|
||||
|
||||
args:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
ava_nodes:
|
||||
hosts:
|
||||
localhost:
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
- name: Install deps
|
||||
become: true
|
||||
apt:
|
||||
name:
|
||||
# Build
|
||||
- cmake
|
||||
- curl
|
||||
- g++
|
||||
- golang-go # Assumes Ubuntu 20.04, where this installs Go 1.13
|
||||
- libssl-dev
|
||||
- libuv1-dev
|
||||
- make
|
||||
# Staking key management
|
||||
- openssl
|
||||
- python3-cryptography
|
||||
state: present
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
staking_tls_key_file: "{{ repo_folder }}/keys/staker.key"
|
||||
staking_tls_csr_file: "{{ repo_folder }}/keys/staker.csr"
|
||||
staking_tls_cert_file: "{{ repo_folder }}/keys/staker.crt"
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
- name: Create staker key
|
||||
openssl_privatekey:
|
||||
path: "{{ staking_tls_key_file }}"
|
||||
type: RSA
|
||||
size: 4096
|
||||
|
||||
- name: Create staker certificate request
|
||||
openssl_csr:
|
||||
path: "{{ staking_tls_csr_file }}"
|
||||
C: US
|
||||
ST: NY
|
||||
O: Avalabs
|
||||
CN: ava
|
||||
privatekey_path: "{{ staking_tls_key_file }}"
|
||||
digest: sha256
|
||||
# genStaker.sh doesn't include a subjectAltName in the signing request.
|
||||
# If subject_alt_name isn't specified, then Ansible defaults to using
|
||||
# the CN as the SAN.
|
||||
use_common_name_for_san: false
|
||||
|
||||
# genStaker.sh generates a certificate valid for 365250 days (1000 years).
|
||||
# That duration is not replicated here, because specifying a relative
|
||||
# time to ownca_not_after would make this task non-idempotent.
|
||||
- name: Create staker certificate
|
||||
openssl_certificate:
|
||||
path: "{{ staking_tls_cert_file }}"
|
||||
csr_path: "{{ staking_tls_csr_file }}"
|
||||
ownca_path: "{{ repo_folder }}/keys/rootCA.crt"
|
||||
ownca_privatekey_path: "{{ repo_folder }}/keys/rootCA.key"
|
||||
ownca_digest: sha256
|
||||
provider: ownca
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
ava_daemon_bin_dir: "/usr/bin"
|
||||
ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
|
||||
ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
|
||||
ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
|
||||
ava_daemon_log_dir: "/var/log/ava"
|
||||
ava)daemon_plugin_dir: "/usr/lib/ava/plugins"
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
- name: Create directories
|
||||
become: true
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
owner: "{{ item.owner | default(ava_daemon_user) }}"
|
||||
group: "{{ item.group | default(ava_daemon_group) }}"
|
||||
mode: "{{ item.mode }}"
|
||||
recurse: "{{ item.recurse | default(omit) }}"
|
||||
state: directory
|
||||
loop:
|
||||
- path: "{{ ava_daemon_data_dir }}"
|
||||
mode: u=rwX,go=rX
|
||||
- path: "{{ ava_daemon_keys_dir }}"
|
||||
mode: u=rX,go=
|
||||
- path: "{{ ava_daemon_log_dir }}"
|
||||
mode: u=rwX,go=rX
|
||||
- path: "{{ ava_daemon_plugin_dir }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwX,go=rX
|
||||
recurse: true
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
notify:
|
||||
- Restart AVA service
|
||||
|
||||
- name: Install binary
|
||||
become: true
|
||||
copy:
|
||||
src: "{{ ava_binary }}"
|
||||
dest: "{{ ava_daemon_bin_dir }}/ava"
|
||||
remote_src: true
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,go=rx
|
||||
notify:
|
||||
- Restart AVA service
|
||||
|
||||
- name: Install plugins
|
||||
become: true
|
||||
copy:
|
||||
src: "{{ item.path }}"
|
||||
dest: "{{ ava_daemon_plugin_dir }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,go=rx
|
||||
remote_src: true
|
||||
loop:
|
||||
- path: "{{ repo_folder }}/build/plugins/evm"
|
||||
notify:
|
||||
- Restart AVA service
|
||||
|
||||
- name: Install staking files
|
||||
become: true
|
||||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ ava_daemon_keys_dir }}"
|
||||
owner: "{{ ava_daemon_user }}"
|
||||
group: "{{ ava_daemon_group }}"
|
||||
mode: "{{ item.mode }}"
|
||||
remote_src: true
|
||||
loop:
|
||||
- src: "{{ staking_tls_key_file }}"
|
||||
mode: u=r,go=
|
||||
- src: "{{ staking_tls_cert_file }}"
|
||||
mode: ugo=r
|
||||
notify:
|
||||
- Restart AVA service
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
ava_daemon_bin_dir: "/usr/bin"
|
||||
ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
|
||||
ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
|
||||
ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
|
||||
log_level: info
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
- name: Reload systemd
|
||||
become: true
|
||||
systemd:
|
||||
daaemon_reload: true
|
||||
|
||||
- name: Restart AVA service
|
||||
become: true
|
||||
service:
|
||||
name: ava
|
||||
state: restarted
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
- name: Configure AVA service
|
||||
become: true
|
||||
template:
|
||||
src: ava.service
|
||||
dest: /etc/systemd/system
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart AVA service
|
||||
|
||||
- name: Enable AVA service
|
||||
become: true
|
||||
systemd:
|
||||
name: ava
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
notify:
|
||||
- Restart AVA service
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description=AVA test node
|
||||
Documentation=https://docs.ava.network/
|
||||
After=network.target
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
WorkingDirectory={{ ava_daemon_data_dir }}
|
||||
Restart=always
|
||||
RestartSec=1
|
||||
User={{ ava_daemon_user }}
|
||||
ExecStart={{ ava_daemon_bin_dir }}/ava \
|
||||
--public-ip="{{ ansible_facts.default_ipv4.address }}" \
|
||||
--db-dir="{{ ava_daemon_db_dir }}" \
|
||||
--plugin-dir="{{ ava_daemon_plugin_dir }}" \
|
||||
--log-dir="{{ ava_daemon_log_dir }}" \
|
||||
--log-level="{{ log_level }}"
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -0,0 +1 @@
|
|||
log_level: info
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
ava_daemon_user: ava
|
||||
ava_daemon_group: "{{ ava_daemon_user }}"
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
- name: Create AVA daemon group
|
||||
become: true
|
||||
group:
|
||||
name: "{{ ava_daemon_group }}"
|
||||
system: true
|
||||
|
||||
- name: Create AVA daemon user
|
||||
become: true
|
||||
user:
|
||||
name: "{{ ava_daemon_user }}"
|
||||
group: "{{ ava_daemon_group }}"
|
||||
home: "{{ ava_daemon_data_dir }}"
|
||||
shell: /bin/false
|
||||
skeleton: false
|
||||
system: true
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
- name: Set GOPATH
|
||||
lineinfile:
|
||||
path: ~/.bashrc
|
||||
line: GOPATH=$HOME/go
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
- name: Configure AVA service
|
||||
hosts: ava_nodes
|
||||
roles:
|
||||
- name: ava-base
|
||||
- name: gopath
|
||||
- name: ava-build
|
||||
- name: ava-certs
|
||||
- name: ava-user
|
||||
- name: ava-install
|
||||
- name: ava-service
|
||||
Loading…
Reference in New Issue