ansible and terraform moved to tendermint core repo
see https://github.com/tendermint/tendermint/tree/master/networks
This commit is contained in:
parent
ab9881471a
commit
7fac16dc7f
|
@ -1,2 +0,0 @@
|
|||
.vagrant/
|
||||
*.retry
|
192
ansible/LICENSE
192
ansible/LICENSE
|
@ -1,192 +0,0 @@
|
|||
Copyright (C) 2017 Tendermint
|
||||
|
||||
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
https://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
https://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -1,291 +0,0 @@
|
|||
Using Ansible
|
||||
=============
|
||||
|
||||
.. figure:: assets/a_plus_t.png
|
||||
:alt: Ansible plus Tendermint
|
||||
|
||||
Ansible plus Tendermint
|
||||
|
||||
The playbooks in `our ansible directory <https://github.com/tendermint/tools/tree/master/ansible>`__
|
||||
run ansible `roles <http://www.ansible.com/>`__ which:
|
||||
|
||||
- install and configure basecoind or ethermint
|
||||
- start/stop basecoind or ethermint and reset their configuration
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
|
||||
- Ansible 2.0 or higher
|
||||
- SSH key to the servers
|
||||
|
||||
Optional for DigitalOcean droplets:
|
||||
|
||||
- DigitalOcean API Token
|
||||
- python dopy package
|
||||
|
||||
For a description on how to get a DigitalOcean API Token, see the explanation
|
||||
in the `using terraform tutorial <./terraform-digitalocean.html>`__.
|
||||
|
||||
Optional for Amazon AWS instances:
|
||||
|
||||
- Amazon AWS API access key ID and secret access key.
|
||||
|
||||
The cloud inventory scripts come from the ansible team at their
|
||||
`GitHub <https://github.com/ansible/ansible>`__ page. You can get the
|
||||
latest version from the ``contrib/inventory`` folder.
|
||||
|
||||
Setup
|
||||
-----
|
||||
|
||||
Ansible requires a "command machine" or "local machine" or "orchestrator
|
||||
machine" to run on. This can be your laptop or any machine that can run
|
||||
ansible. (It does not have to be part of the cloud network that hosts
|
||||
your servers.)
|
||||
|
||||
Use the official `Ansible installation
|
||||
guide <http://docs.ansible.com/ansible/intro_installation.html>`__ to
|
||||
install Ansible. Here are a few examples on basic installation commands:
|
||||
|
||||
Ubuntu/Debian:
|
||||
|
||||
::
|
||||
|
||||
sudo apt-get install ansible
|
||||
|
||||
CentOS/RedHat:
|
||||
|
||||
::
|
||||
|
||||
sudo yum install epel-release
|
||||
sudo yum install ansible
|
||||
|
||||
Mac OSX: If you have `Homebrew <https://brew.sh>`__ installed, then it's:
|
||||
|
||||
::
|
||||
|
||||
brew install ansible
|
||||
|
||||
If not, you can install it using ``pip``:
|
||||
|
||||
::
|
||||
|
||||
sudo easy_install pip
|
||||
sudo pip install ansible
|
||||
|
||||
To make life easier, you can start an SSH Agent and load your SSH
|
||||
key(s). This way ansible will have an uninterrupted way of connecting to
|
||||
your servers.
|
||||
|
||||
::
|
||||
|
||||
ssh-agent > ~/.ssh/ssh.env
|
||||
source ~/.ssh/ssh.env
|
||||
|
||||
ssh-add private.key
|
||||
|
||||
Subsequently, as long as the agent is running, you can use
|
||||
``source ~/.ssh/ssh.env`` to load the keys to the current session. Note:
|
||||
On Mac OSX, you can add the ``-K`` option to ssh-add to store the
|
||||
passphrase in your keychain. The security of this feature is debated but
|
||||
it is convenient.
|
||||
|
||||
Optional cloud dependencies
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If you are using a cloud provider to host your servers, you need the
|
||||
below dependencies installed on your local machine.
|
||||
|
||||
DigitalOcean inventory dependencies:
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Ubuntu/Debian:
|
||||
|
||||
::
|
||||
|
||||
sudo apt-get install python-pip
|
||||
sudo pip install dopy
|
||||
|
||||
CentOS/RedHat:
|
||||
|
||||
::
|
||||
|
||||
sudo yum install python-pip
|
||||
sudo pip install dopy
|
||||
|
||||
Mac OSX:
|
||||
|
||||
::
|
||||
|
||||
sudo pip install dopy
|
||||
|
||||
Amazon AWS inventory dependencies:
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Ubuntu/Debian:
|
||||
|
||||
::
|
||||
|
||||
sudo apt-get install python-boto
|
||||
|
||||
CentOS/RedHat:
|
||||
|
||||
::
|
||||
|
||||
sudo yum install python-boto
|
||||
|
||||
Mac OSX:
|
||||
|
||||
::
|
||||
|
||||
sudo pip install boto
|
||||
|
||||
Refreshing the DigitalOcean inventory
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If you just finished creating droplets, the local DigitalOcean inventory
|
||||
cache is not up-to-date. To refresh it, run:
|
||||
|
||||
::
|
||||
|
||||
DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
python -u inventory/digital_ocean.py --refresh-cache 1> /dev/null
|
||||
|
||||
Refreshing the Amazon AWS inventory
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
If you just finished creating Amazon AWS EC2 instances, the local AWS
|
||||
inventory cache is not up-to-date. To refresh it, run:
|
||||
|
||||
::
|
||||
|
||||
AWS_ACCESS_KEY_ID='<The API access key ID received from Amazon>'
|
||||
AWS_SECRET_ACCESS_KEY='<The API secret access key received from Amazon>'
|
||||
python -u inventory/ec2.py --refresh-cache 1> /dev/null
|
||||
|
||||
Note: you don't need the access key and secret key set, if you are
|
||||
running ansible on an Amazon AMI instance with the proper IAM
|
||||
permissions set.
|
||||
|
||||
Running the playbooks
|
||||
---------------------
|
||||
|
||||
The playbooks are locked down to only run if the environment variable
|
||||
``TF_VAR_TESTNET_NAME`` is populated. This is a precaution so you don't
|
||||
accidentally run the playbook on all your servers.
|
||||
|
||||
The variable ``TF_VAR_TESTNET_NAME`` contains the testnet name which
|
||||
ansible translates into an ansible group. If you used Terraform to
|
||||
create the servers, it was the testnet name used there.
|
||||
|
||||
If the playbook cannot connect to the servers because of public key
|
||||
denial, your SSH Agent is not set up properly. Alternatively you can add
|
||||
the SSH key to ansible using the ``--private-key`` option.
|
||||
|
||||
If you need to connect to the nodes as root but your local username is
|
||||
different, use the ansible option ``-u root`` to tell ansible to connect
|
||||
to the servers and authenticate as the root user.
|
||||
|
||||
If you secured your server and you need to ``sudo`` for root access, use
|
||||
the the ``-b`` or ``--become`` option to tell ansible to sudo to root
|
||||
after connecting to the server. In the Terraform-DigitalOcean example,
|
||||
if you created the ec2-user by adding the ``noroot=true`` option (or if
|
||||
you are simply on Amazon AWS), you need to add the options
|
||||
``-u ec2-user -b`` to ansible to tell it to connect as the ec2-user and
|
||||
then sudo to root to run the playbook.
|
||||
|
||||
DigitalOcean
|
||||
~~~~~~~~~~~~
|
||||
|
||||
::
|
||||
|
||||
DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
TF_VAR_TESTNET_NAME="testnet-servers"
|
||||
ansible-playbook -i inventory/digital_ocean.py install.yml -e service=basecoind
|
||||
|
||||
Amazon AWS
|
||||
~~~~~~~~~~
|
||||
|
||||
::
|
||||
|
||||
AWS_ACCESS_KEY_ID='<The API access key ID received from Amazon>'
|
||||
AWS_SECRET_ACCESS_KEY='<The API secret access key received from Amazon>'
|
||||
TF_VAR_TESTNET_NAME="testnet-servers"
|
||||
ansible-playbook -i inventory/ec2.py install.yml -e service=basecoind
|
||||
|
||||
Installing custom versions
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
By default ansible installs the tendermint, basecoind or ethermint binary
|
||||
versions from the latest release in the repository. If you build your
|
||||
own version of the binaries, you can tell ansible to install that
|
||||
instead.
|
||||
|
||||
::
|
||||
|
||||
GOPATH="<your go path>"
|
||||
go get -u github.com/tendermint/basecoin/cmd/basecoind
|
||||
|
||||
DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
TF_VAR_TESTNET_NAME="testnet-servers"
|
||||
ansible-playbook -i inventory/digital_ocean.py install.yml -e service=basecoind -e release_install=false
|
||||
|
||||
Alternatively you can change the variable settings in
|
||||
``group_vars/all``.
|
||||
|
||||
Other commands and roles
|
||||
------------------------
|
||||
|
||||
There are few extra playbooks to make life easier managing your servers.
|
||||
|
||||
- install.yml - Install basecoind or ethermint applications. (Tendermint
|
||||
gets installed automatically.) Use the ``service`` parameter to
|
||||
define which application to install. Defaults to ``basecoind``.
|
||||
- reset.yml - Stop the application, reset the configuration and data,
|
||||
then start the application again. You need to pass
|
||||
``-e service=<servicename>``, like ``-e service=basecoind``. It will
|
||||
restart the underlying tendermint application too.
|
||||
- restart.yml - Restart a service on all nodes. You need to pass
|
||||
``-e service=<servicename>``, like ``-e service=basecoind``. It will
|
||||
restart the underlying tendermint application too.
|
||||
- stop.yml - Stop the application. You need to pass
|
||||
``-e service=<servicename>``.
|
||||
- status.yml - Check the service status and print it. You need to pass
|
||||
``-e service=<servicename>``.
|
||||
- start.yml - Start the application. You need to pass
|
||||
``-e service=<servicename>``.
|
||||
- ubuntu16-patch.yml - Ubuntu 16.04 does not have the minimum required
|
||||
python package installed to be able to run ansible. If you are using
|
||||
ubuntu, run this playbook first on the target machines. This will
|
||||
install the python pacakge that is required for ansible to work
|
||||
correctly on the remote nodes.
|
||||
- upgrade.yml - Upgrade the ``service`` on your testnet. It will stop
|
||||
the service and restart it at the end. It will only work if the
|
||||
upgraded version is backward compatible with the installed version.
|
||||
- upgrade-reset.yml - Upgrade the ``service`` on your testnet and reset
|
||||
the database. It will stop the service and restart it at the end. It
|
||||
will work for upgrades where the new version is not
|
||||
backward-compatible with the installed version - however it will
|
||||
reset the testnet to its default.
|
||||
|
||||
The roles are self-sufficient under the ``roles/`` folder.
|
||||
|
||||
- install - install the application defined in the ``service``
|
||||
parameter. It can install release packages and update them with
|
||||
custom-compiled binaries.
|
||||
- unsafe\_reset - delete the database for a service, including the
|
||||
tendermint database.
|
||||
- config - configure the application defined in ``service``. It also
|
||||
configures the underlying tendermint service. Check
|
||||
``group_vars/all`` for options.
|
||||
- stop - stop an application. Requires the ``service`` parameter set.
|
||||
- status - check the status of an application. Requires the ``service``
|
||||
parameter set.
|
||||
- start - start an application. Requires the ``service`` parameter set.
|
||||
|
||||
Default variables
|
||||
-----------------
|
||||
|
||||
Default variables are documented under ``group_vars/all``. You can the
|
||||
parameters there to deploy a previously created genesis.json file
|
||||
(instead of dynamically creating it) or if you want to deploy custom
|
||||
built binaries instead of deploying a released version.
|
|
@ -1,18 +0,0 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
|
||||
VAGRANTFILE_API_VERSION = "2"
|
||||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
# All Vagrant configuration is done here. The most common configuration
|
||||
# options are documented and commented below. For a complete reference,
|
||||
# please see the online documentation at vagrantup.com.
|
||||
|
||||
# Every Vagrant virtual environment requires a box to build off of.
|
||||
config.vm.box = "ubuntu/trusty64"
|
||||
|
||||
config.vm.provision :ansible do |ansible|
|
||||
ansible.playbook = "install.yml"
|
||||
end
|
||||
end
|
|
@ -1,4 +0,0 @@
|
|||
[defaults]
|
||||
retry_files_enabled = False
|
||||
host_key_checking = False
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
"accounts": [{
|
||||
"pub_key": {
|
||||
"type": "ed25519",
|
||||
"data": "619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
|
||||
},
|
||||
"coins": [
|
||||
{
|
||||
"denom": "mycoin",
|
||||
"amount": 9007199254740992
|
||||
}
|
||||
]
|
||||
}],
|
||||
"plugin_options": [
|
||||
"coin/issuer", {"app": "sigs", "addr": "1B1BE55F969F54064628A63B9559E7C21C925165"}
|
||||
]
|
||||
|
|
@ -1 +0,0 @@
|
|||
|
|
@ -1,75 +0,0 @@
|
|||
"accounts": [
|
||||
{
|
||||
"name": "greg",
|
||||
"address": "42960119BC3D724F6FA0E2883C0DCF550C59D1B2",
|
||||
"coins": [
|
||||
{
|
||||
"denom": "fermion",
|
||||
"amount": 1000000
|
||||
},
|
||||
{
|
||||
"denom": "gregcoin",
|
||||
"amount": 1000
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "bucky",
|
||||
"address": "5CAFE3CD0FEE7A5DD98B366B19A201D428A79FB6",
|
||||
"coins": [
|
||||
{
|
||||
"denom": "fermion",
|
||||
"amount": 10000
|
||||
},
|
||||
{
|
||||
"denom": "buckycoin",
|
||||
"amount": 1000
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "fabo",
|
||||
"address": "9C145AAAE1E7AD8735BC1B2173B092CEF6FD8557",
|
||||
"coins": [
|
||||
{
|
||||
"denom": "fermion",
|
||||
"amount": 100
|
||||
},
|
||||
{
|
||||
"denom": "fabocoin",
|
||||
"amount": 1000
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "mattbell",
|
||||
"address": "C2BA52AC0E98907ED7DC7FBFE85FCF3D4BD4D018",
|
||||
"coins": [
|
||||
{
|
||||
"denom": "fermion",
|
||||
"amount": 100
|
||||
},
|
||||
{
|
||||
"denom": "tokenmatt",
|
||||
"amount": 1000
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "fabo",
|
||||
"address": "527E2333EF0B6E5FFB6E62FFA68B3707E08F2286",
|
||||
"coins": [
|
||||
{
|
||||
"denom": "fermion",
|
||||
"amount": 100
|
||||
},
|
||||
{
|
||||
"denom": "tokenfabo",
|
||||
"amount": 1000
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"plugin_options": [
|
||||
"coin/issuer", {"app": "sigs", "addr": "B01C264BFE9CBD45458256E613A6F07061A3A6B6"}
|
||||
]
|
|
@ -1,20 +0,0 @@
|
|||
"accounts": [
|
||||
{
|
||||
"name": "relay",
|
||||
"address": "1B1BE55F969F54064628A63B9559E7C21C925165",
|
||||
"pub_key": {
|
||||
"type": "ed25519",
|
||||
"data": "619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
|
||||
},
|
||||
"coins": [
|
||||
{
|
||||
"denom": "mycoin",
|
||||
"amount": 9007199254740992
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"plugin_options": [
|
||||
"coin/issuer", {"app": "sigs", "addr": "1B1BE55F969F54064628A63B9559E7C21C925165"}
|
||||
]
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 14 KiB |
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- getconfigtoml
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "source" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- getfile
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
---
|
||||
###
|
||||
### Tendermint installation
|
||||
###
|
||||
|
||||
## This file shows and sets the global defaults for the role variables.
|
||||
|
||||
##
|
||||
## install
|
||||
##
|
||||
|
||||
## service variable defines which service is going to be managed. It can be set to basecoind or ethermint.
|
||||
service: basecoind
|
||||
|
||||
## release_install indicates if the install role should look for a privately built binary after installing the service package. If set to false, the privately built binary in the GOPATH is going to override the binary on the target systems.
|
||||
#release_install: true
|
||||
|
||||
## binary stores the path to the privately built service binary, if there is any. By default it uses the GOPATH environment variable.
|
||||
#binary: "{{ lookup('env','GOPATH') | default('') }}/bin/{{service}}"
|
||||
|
||||
##
|
||||
## config
|
||||
##
|
||||
|
||||
## tendermint_genesis_file contains the path and filename to a previously generated genesis.json for the underlying tendermint service. If undefined, the json file is dynamically generated.
|
||||
#tendermint_genesis_file: "<undefined>"
|
||||
|
||||
## service_genesis_file contains the path and filename to a previously generated genesis.json for the service. If undefined, the json file is dynamically generated.
|
||||
#service_genesis_file: "<undefined>"
|
||||
|
||||
## testnet_name is used to find seed IPs and public keys and set the chain_id in genesis.json and config.toml
|
||||
#testnet_name: testnet1
|
||||
|
||||
## app_options_file contains a path and filename which will be included in a generated service genesis.json file on all nodes. The content will be dumped into the app_options dictionary in the service genesis.json..
|
||||
#app_options_file: "app_options_files/dev_money"
|
||||
|
||||
## Internal use only. validators indicates if the nodes are validator nodes. The tendermint genesis.json will contain their public keys.
|
||||
#validators: true
|
||||
|
||||
## Internal use only. seeds contain the list of servers (with ports) that are validators in a testnet. Only effective if validators == false. If validators == true, then all nodes will be automatically included here.
|
||||
#seeds: ""
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
any_errors_fatal: "{{validators | default(true) | bool}}"
|
||||
roles:
|
||||
- install
|
||||
- {role: generic-service, when: service == 'tendermint'}
|
||||
- {role: config, testnet_name: "{{lookup('env','TF_VAR_TESTNET_NAME')}}", tags: reconfig }
|
||||
- start
|
||||
|
|
@ -1,675 +0,0 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for
|
||||
software and other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
the GNU General Public License is intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains free
|
||||
software for all its users. We, the Free Software Foundation, use the
|
||||
GNU General Public License for most of our software; it applies also to
|
||||
any other work released this way by its authors. You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you
|
||||
these rights or asking you to surrender the rights. Therefore, you have
|
||||
certain responsibilities if you distribute copies of the software, or if
|
||||
you modify it: responsibilities to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must pass on to the recipients the same
|
||||
freedoms that you received. You must make sure that they, too, receive
|
||||
or can get the source code. And you must show them these terms so they
|
||||
know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps:
|
||||
(1) assert copyright on the software, and (2) offer you this License
|
||||
giving you legal permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains
|
||||
that there is no warranty for this free software. For both users' and
|
||||
authors' sake, the GPL requires that modified versions be marked as
|
||||
changed, so that their problems will not be attributed erroneously to
|
||||
authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run
|
||||
modified versions of the software inside them, although the manufacturer
|
||||
can do so. This is fundamentally incompatible with the aim of
|
||||
protecting users' freedom to change the software. The systematic
|
||||
pattern of such abuse occurs in the area of products for individuals to
|
||||
use, which is precisely where it is most unacceptable. Therefore, we
|
||||
have designed this version of the GPL to prohibit the practice for those
|
||||
products. If such problems arise substantially in other domains, we
|
||||
stand ready to extend this provision to those domains in future versions
|
||||
of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents.
|
||||
States should not allow patents to restrict development and use of
|
||||
software on general-purpose computers, but in those that do, we wish to
|
||||
avoid the special danger that patents applied to a free program could
|
||||
make it effectively proprietary. To prevent this, the GPL assures that
|
||||
patents cannot be used to render the program non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||
works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of an
|
||||
exact copy. The resulting work is called a "modified version" of the
|
||||
earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user through
|
||||
a computer network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices"
|
||||
to the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work
|
||||
for making modifications to it. "Object code" means any non-source
|
||||
form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users
|
||||
can regenerate automatically from other parts of the Corresponding
|
||||
Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that
|
||||
same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not
|
||||
convey, without conditions so long as your license otherwise remains
|
||||
in force. You may convey covered works to others for the sole purpose
|
||||
of having them make modifications exclusively for you, or provide you
|
||||
with facilities for running those works, provided that you comply with
|
||||
the terms of this License in conveying all material for which you do
|
||||
not control copyright. Those thus making or running the covered works
|
||||
for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of
|
||||
your copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under
|
||||
the conditions stated below. Sublicensing is not allowed; section 10
|
||||
makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention
|
||||
is effected by exercising rights under this License with respect to
|
||||
the covered work, and you disclaim any intention to limit operation or
|
||||
modification of the work as a means of enforcing, against the work's
|
||||
users, your or third parties' legal rights to forbid circumvention of
|
||||
technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under section
|
||||
7. This requirement modifies the requirement in section 4 to
|
||||
"keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms
|
||||
of sections 4 and 5, provided that you also convey the
|
||||
machine-readable Corresponding Source under the terms of this License,
|
||||
in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided
|
||||
you inform other peers where the object code and Corresponding
|
||||
Source of the work are being offered to the general public at no
|
||||
charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal, family,
|
||||
or household purposes, or (2) anything designed or sold for incorporation
|
||||
into a dwelling. In determining whether a product is a consumer product,
|
||||
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||
product received by a particular user, "normally used" refers to a
|
||||
typical or common use of that class of product, regardless of the status
|
||||
of the particular user or of the way in which the particular user
|
||||
actually uses, or expects or is expected to use, the product. A product
|
||||
is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent
|
||||
the only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install
|
||||
and execute modified versions of a covered work in that User Product from
|
||||
a modified version of its Corresponding Source. The information must
|
||||
suffice to ensure that the continued functioning of the modified object
|
||||
code is in no case prevented or interfered with solely because
|
||||
modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates
|
||||
for a work that has been modified or installed by the recipient, or for
|
||||
the User Product in which it has been modified or installed. Access to a
|
||||
network may be denied when the modification itself materially and
|
||||
adversely affects the operation of the network or violates the rules and
|
||||
protocols for communication across the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders of
|
||||
that material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions of
|
||||
it) with contractual assumptions of liability to the recipient, for
|
||||
any liability that these contractual assumptions directly impose on
|
||||
those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions;
|
||||
the above requirements apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your
|
||||
license from a particular copyright holder is reinstated (a)
|
||||
provisionally, unless and until the copyright holder explicitly and
|
||||
finally terminates your license, and (b) permanently, if the copyright
|
||||
holder fails to notify you of the violation by some reasonable means
|
||||
prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or
|
||||
run a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims
|
||||
owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within
|
||||
the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered
|
||||
work if you are a party to an arrangement with a third party that is
|
||||
in the business of distributing software, under which you make payment
|
||||
to the third party based on the extent of your activity of conveying
|
||||
the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory
|
||||
patent license (a) in connection with copies of the covered work
|
||||
conveyed by you (or copies made from those copies), or (b) primarily
|
||||
for and in connection with specific products or compilations that
|
||||
contain the covered work, unless you entered into that arrangement,
|
||||
or that patent license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey
|
||||
the Program, the only way you could satisfy both those terms and this
|
||||
License would be to refrain entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU Affero General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the special requirements of the GNU Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of
|
||||
the GNU General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Program specifies that a certain numbered version of the GNU General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU General Public License, you may choose any version ever published
|
||||
by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future
|
||||
versions of the GNU General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
state the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short
|
||||
notice like this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands
|
||||
might be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||
For more information on this, and how to apply and follow the GNU GPL, see
|
||||
<http://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you
|
||||
may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
# Ansible DigitalOcean external inventory script settings
|
||||
#
|
||||
|
||||
[digital_ocean]
|
||||
|
||||
# The module needs your DigitalOcean API Token.
|
||||
# It may also be specified on the command line via --api-token
|
||||
# or via the environment variables DO_API_TOKEN or DO_API_KEY
|
||||
#
|
||||
#api_token = 123456abcdefg
|
||||
|
||||
|
||||
# API calls to DigitalOcean may be slow. For this reason, we cache the results
|
||||
# of an API call. Set this to the path you want cache files to be written to.
|
||||
# One file will be written to this directory:
|
||||
# - ansible-digital_ocean.cache
|
||||
#
|
||||
cache_path = /tmp
|
||||
|
||||
|
||||
# The number of seconds a cache file is considered valid. After this many
|
||||
# seconds, a new API call will be made, and the cache file will be updated.
|
||||
#
|
||||
cache_max_age = 300
|
||||
|
||||
# Use the private network IP address instead of the public when available.
|
||||
#
|
||||
use_private_network = False
|
||||
|
||||
# Pass variables to every group, e.g.:
|
||||
#
|
||||
# group_variables = { 'ansible_user': 'root' }
|
||||
#
|
||||
group_variables = {}
|
|
@ -1,471 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
'''
|
||||
DigitalOcean external inventory script
|
||||
======================================
|
||||
|
||||
Generates Ansible inventory of DigitalOcean Droplets.
|
||||
|
||||
In addition to the --list and --host options used by Ansible, there are options
|
||||
for generating JSON of other DigitalOcean data. This is useful when creating
|
||||
droplets. For example, --regions will return all the DigitalOcean Regions.
|
||||
This information can also be easily found in the cache file, whose default
|
||||
location is /tmp/ansible-digital_ocean.cache).
|
||||
|
||||
The --pretty (-p) option pretty-prints the output for better human readability.
|
||||
|
||||
----
|
||||
Although the cache stores all the information received from DigitalOcean,
|
||||
the cache is not used for current droplet information (in --list, --host,
|
||||
--all, and --droplets). This is so that accurate droplet information is always
|
||||
found. You can force this script to use the cache with --force-cache.
|
||||
|
||||
----
|
||||
Configuration is read from `digital_ocean.ini`, then from environment variables,
|
||||
then and command-line arguments.
|
||||
|
||||
Most notably, the DigitalOcean API Token must be specified. It can be specified
|
||||
in the INI file or with the following environment variables:
|
||||
export DO_API_TOKEN='abc123' or
|
||||
export DO_API_KEY='abc123'
|
||||
|
||||
Alternatively, it can be passed on the command-line with --api-token.
|
||||
|
||||
If you specify DigitalOcean credentials in the INI file, a handy way to
|
||||
get them into your environment (e.g., to use the digital_ocean module)
|
||||
is to use the output of the --env option with export:
|
||||
export $(digital_ocean.py --env)
|
||||
|
||||
----
|
||||
The following groups are generated from --list:
|
||||
- ID (droplet ID)
|
||||
- NAME (droplet NAME)
|
||||
- image_ID
|
||||
- image_NAME
|
||||
- distro_NAME (distribution NAME from image)
|
||||
- region_NAME
|
||||
- size_NAME
|
||||
- status_STATUS
|
||||
|
||||
For each host, the following variables are registered:
|
||||
- do_backup_ids
|
||||
- do_created_at
|
||||
- do_disk
|
||||
- do_features - list
|
||||
- do_id
|
||||
- do_image - object
|
||||
- do_ip_address
|
||||
- do_private_ip_address
|
||||
- do_kernel - object
|
||||
- do_locked
|
||||
- do_memory
|
||||
- do_name
|
||||
- do_networks - object
|
||||
- do_next_backup_window
|
||||
- do_region - object
|
||||
- do_size - object
|
||||
- do_size_slug
|
||||
- do_snapshot_ids - list
|
||||
- do_status
|
||||
- do_tags
|
||||
- do_vcpus
|
||||
- do_volume_ids
|
||||
|
||||
-----
|
||||
```
|
||||
usage: digital_ocean.py [-h] [--list] [--host HOST] [--all]
|
||||
[--droplets] [--regions] [--images] [--sizes]
|
||||
[--ssh-keys] [--domains] [--pretty]
|
||||
[--cache-path CACHE_PATH]
|
||||
[--cache-max_age CACHE_MAX_AGE]
|
||||
[--force-cache]
|
||||
[--refresh-cache]
|
||||
[--api-token API_TOKEN]
|
||||
|
||||
Produce an Ansible Inventory file based on DigitalOcean credentials
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
--list List all active Droplets as Ansible inventory
|
||||
(default: True)
|
||||
--host HOST Get all Ansible inventory variables about a specific
|
||||
Droplet
|
||||
--all List all DigitalOcean information as JSON
|
||||
--droplets List Droplets as JSON
|
||||
--regions List Regions as JSON
|
||||
--images List Images as JSON
|
||||
--sizes List Sizes as JSON
|
||||
--ssh-keys List SSH keys as JSON
|
||||
--domains List Domains as JSON
|
||||
--pretty, -p Pretty-print results
|
||||
--cache-path CACHE_PATH
|
||||
Path to the cache files (default: .)
|
||||
--cache-max_age CACHE_MAX_AGE
|
||||
Maximum age of the cached items (default: 0)
|
||||
--force-cache Only use data from the cache
|
||||
--refresh-cache Force refresh of cache by making API requests to
|
||||
DigitalOcean (default: False - use cache files)
|
||||
--api-token API_TOKEN, -a API_TOKEN
|
||||
DigitalOcean API Token
|
||||
```
|
||||
|
||||
'''
|
||||
|
||||
# (c) 2013, Evan Wies <evan@neomantra.net>
|
||||
#
|
||||
# Inspired by the EC2 inventory plugin:
|
||||
# https://github.com/ansible/ansible/blob/devel/contrib/inventory/ec2.py
|
||||
#
|
||||
# This file is part of Ansible,
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
######################################################################
|
||||
|
||||
import os
|
||||
import sys
|
||||
import re
|
||||
import argparse
|
||||
from time import time
|
||||
import ConfigParser
|
||||
import ast
|
||||
|
||||
try:
|
||||
import json
|
||||
except ImportError:
|
||||
import simplejson as json
|
||||
|
||||
try:
|
||||
from dopy.manager import DoManager
|
||||
except ImportError as e:
|
||||
sys.exit("failed=True msg='`dopy` library required for this script'")
|
||||
|
||||
|
||||
class DigitalOceanInventory(object):
|
||||
|
||||
###########################################################################
|
||||
# Main execution path
|
||||
###########################################################################
|
||||
|
||||
def __init__(self):
|
||||
''' Main execution path '''
|
||||
|
||||
# DigitalOceanInventory data
|
||||
self.data = {} # All DigitalOcean data
|
||||
self.inventory = {} # Ansible Inventory
|
||||
|
||||
# Define defaults
|
||||
self.cache_path = '.'
|
||||
self.cache_max_age = 0
|
||||
self.use_private_network = False
|
||||
self.group_variables = {}
|
||||
|
||||
# Read settings, environment variables, and CLI arguments
|
||||
self.read_settings()
|
||||
self.read_environment()
|
||||
self.read_cli_args()
|
||||
|
||||
# Verify credentials were set
|
||||
if not hasattr(self, 'api_token'):
|
||||
sys.stderr.write('''Could not find values for DigitalOcean api_token.
|
||||
They must be specified via either ini file, command line argument (--api-token),
|
||||
or environment variables (DO_API_TOKEN)\n''')
|
||||
sys.exit(-1)
|
||||
|
||||
# env command, show DigitalOcean credentials
|
||||
if self.args.env:
|
||||
print("DO_API_TOKEN=%s" % self.api_token)
|
||||
sys.exit(0)
|
||||
|
||||
# Manage cache
|
||||
self.cache_filename = self.cache_path + "/ansible-digital_ocean.cache"
|
||||
self.cache_refreshed = False
|
||||
|
||||
if self.is_cache_valid():
|
||||
self.load_from_cache()
|
||||
if len(self.data) == 0:
|
||||
if self.args.force_cache:
|
||||
sys.stderr.write('''Cache is empty and --force-cache was specified\n''')
|
||||
sys.exit(-1)
|
||||
|
||||
self.manager = DoManager(None, self.api_token, api_version=2)
|
||||
|
||||
# Pick the json_data to print based on the CLI command
|
||||
if self.args.droplets:
|
||||
self.load_from_digital_ocean('droplets')
|
||||
json_data = {'droplets': self.data['droplets']}
|
||||
elif self.args.regions:
|
||||
self.load_from_digital_ocean('regions')
|
||||
json_data = {'regions': self.data['regions']}
|
||||
elif self.args.images:
|
||||
self.load_from_digital_ocean('images')
|
||||
json_data = {'images': self.data['images']}
|
||||
elif self.args.sizes:
|
||||
self.load_from_digital_ocean('sizes')
|
||||
json_data = {'sizes': self.data['sizes']}
|
||||
elif self.args.ssh_keys:
|
||||
self.load_from_digital_ocean('ssh_keys')
|
||||
json_data = {'ssh_keys': self.data['ssh_keys']}
|
||||
elif self.args.domains:
|
||||
self.load_from_digital_ocean('domains')
|
||||
json_data = {'domains': self.data['domains']}
|
||||
elif self.args.all:
|
||||
self.load_from_digital_ocean()
|
||||
json_data = self.data
|
||||
elif self.args.host:
|
||||
json_data = self.load_droplet_variables_for_host()
|
||||
else: # '--list' this is last to make it default
|
||||
self.load_from_digital_ocean('droplets')
|
||||
self.build_inventory()
|
||||
json_data = self.inventory
|
||||
|
||||
if self.cache_refreshed:
|
||||
self.write_to_cache()
|
||||
|
||||
if self.args.pretty:
|
||||
print(json.dumps(json_data, sort_keys=True, indent=2))
|
||||
else:
|
||||
print(json.dumps(json_data))
|
||||
# That's all she wrote...
|
||||
|
||||
###########################################################################
|
||||
# Script configuration
|
||||
###########################################################################
|
||||
|
||||
def read_settings(self):
|
||||
''' Reads the settings from the digital_ocean.ini file '''
|
||||
config = ConfigParser.SafeConfigParser()
|
||||
config.read(os.path.dirname(os.path.realpath(__file__)) + '/digital_ocean.ini')
|
||||
|
||||
# Credentials
|
||||
if config.has_option('digital_ocean', 'api_token'):
|
||||
self.api_token = config.get('digital_ocean', 'api_token')
|
||||
|
||||
# Cache related
|
||||
if config.has_option('digital_ocean', 'cache_path'):
|
||||
self.cache_path = config.get('digital_ocean', 'cache_path')
|
||||
if config.has_option('digital_ocean', 'cache_max_age'):
|
||||
self.cache_max_age = config.getint('digital_ocean', 'cache_max_age')
|
||||
|
||||
# Private IP Address
|
||||
if config.has_option('digital_ocean', 'use_private_network'):
|
||||
self.use_private_network = config.getboolean('digital_ocean', 'use_private_network')
|
||||
|
||||
# Group variables
|
||||
if config.has_option('digital_ocean', 'group_variables'):
|
||||
self.group_variables = ast.literal_eval(config.get('digital_ocean', 'group_variables'))
|
||||
|
||||
def read_environment(self):
|
||||
''' Reads the settings from environment variables '''
|
||||
# Setup credentials
|
||||
if os.getenv("DO_API_TOKEN"):
|
||||
self.api_token = os.getenv("DO_API_TOKEN")
|
||||
if os.getenv("DO_API_KEY"):
|
||||
self.api_token = os.getenv("DO_API_KEY")
|
||||
|
||||
def read_cli_args(self):
|
||||
''' Command line argument processing '''
|
||||
parser = argparse.ArgumentParser(description='Produce an Ansible Inventory file based on DigitalOcean credentials')
|
||||
|
||||
parser.add_argument('--list', action='store_true', help='List all active Droplets as Ansible inventory (default: True)')
|
||||
parser.add_argument('--host', action='store', help='Get all Ansible inventory variables about a specific Droplet')
|
||||
|
||||
parser.add_argument('--all', action='store_true', help='List all DigitalOcean information as JSON')
|
||||
parser.add_argument('--droplets', '-d', action='store_true', help='List Droplets as JSON')
|
||||
parser.add_argument('--regions', action='store_true', help='List Regions as JSON')
|
||||
parser.add_argument('--images', action='store_true', help='List Images as JSON')
|
||||
parser.add_argument('--sizes', action='store_true', help='List Sizes as JSON')
|
||||
parser.add_argument('--ssh-keys', action='store_true', help='List SSH keys as JSON')
|
||||
parser.add_argument('--domains', action='store_true', help='List Domains as JSON')
|
||||
|
||||
parser.add_argument('--pretty', '-p', action='store_true', help='Pretty-print results')
|
||||
|
||||
parser.add_argument('--cache-path', action='store', help='Path to the cache files (default: .)')
|
||||
parser.add_argument('--cache-max_age', action='store', help='Maximum age of the cached items (default: 0)')
|
||||
parser.add_argument('--force-cache', action='store_true', default=False, help='Only use data from the cache')
|
||||
parser.add_argument('--refresh-cache', '-r', action='store_true', default=False,
|
||||
help='Force refresh of cache by making API requests to DigitalOcean (default: False - use cache files)')
|
||||
|
||||
parser.add_argument('--env', '-e', action='store_true', help='Display DO_API_TOKEN')
|
||||
parser.add_argument('--api-token', '-a', action='store', help='DigitalOcean API Token')
|
||||
|
||||
self.args = parser.parse_args()
|
||||
|
||||
if self.args.api_token:
|
||||
self.api_token = self.args.api_token
|
||||
|
||||
# Make --list default if none of the other commands are specified
|
||||
if (not self.args.droplets and not self.args.regions and
|
||||
not self.args.images and not self.args.sizes and
|
||||
not self.args.ssh_keys and not self.args.domains and
|
||||
not self.args.all and not self.args.host):
|
||||
self.args.list = True
|
||||
|
||||
###########################################################################
|
||||
# Data Management
|
||||
###########################################################################
|
||||
|
||||
def load_from_digital_ocean(self, resource=None):
|
||||
'''Get JSON from DigitalOcean API'''
|
||||
if self.args.force_cache and os.path.isfile(self.cache_filename):
|
||||
return
|
||||
# We always get fresh droplets
|
||||
if self.is_cache_valid() and not (resource == 'droplets' or resource is None):
|
||||
return
|
||||
if self.args.refresh_cache:
|
||||
resource = None
|
||||
|
||||
if resource == 'droplets' or resource is None:
|
||||
self.data['droplets'] = self.manager.all_active_droplets()
|
||||
self.cache_refreshed = True
|
||||
if resource == 'regions' or resource is None:
|
||||
self.data['regions'] = self.manager.all_regions()
|
||||
self.cache_refreshed = True
|
||||
if resource == 'images' or resource is None:
|
||||
self.data['images'] = self.manager.all_images(filter=None)
|
||||
self.cache_refreshed = True
|
||||
if resource == 'sizes' or resource is None:
|
||||
self.data['sizes'] = self.manager.sizes()
|
||||
self.cache_refreshed = True
|
||||
if resource == 'ssh_keys' or resource is None:
|
||||
self.data['ssh_keys'] = self.manager.all_ssh_keys()
|
||||
self.cache_refreshed = True
|
||||
if resource == 'domains' or resource is None:
|
||||
self.data['domains'] = self.manager.all_domains()
|
||||
self.cache_refreshed = True
|
||||
|
||||
def build_inventory(self):
|
||||
'''Build Ansible inventory of droplets'''
|
||||
self.inventory = {
|
||||
'all': {
|
||||
'hosts': [],
|
||||
'vars': self.group_variables
|
||||
},
|
||||
'_meta': {'hostvars': {}}
|
||||
}
|
||||
|
||||
# add all droplets by id and name
|
||||
for droplet in self.data['droplets']:
|
||||
# when using private_networking, the API reports the private one in "ip_address".
|
||||
if 'private_networking' in droplet['features'] and not self.use_private_network:
|
||||
for net in droplet['networks']['v4']:
|
||||
if net['type'] == 'public':
|
||||
dest = net['ip_address']
|
||||
else:
|
||||
continue
|
||||
else:
|
||||
dest = droplet['ip_address']
|
||||
|
||||
self.inventory['all']['hosts'].append(dest)
|
||||
|
||||
self.inventory[droplet['id']] = [dest]
|
||||
self.inventory[droplet['name']] = [dest]
|
||||
|
||||
# groups that are always present
|
||||
for group in ('region_' + droplet['region']['slug'],
|
||||
'image_' + str(droplet['image']['id']),
|
||||
'size_' + droplet['size']['slug'],
|
||||
'distro_' + self.to_safe(droplet['image']['distribution']),
|
||||
'status_' + droplet['status']):
|
||||
if group not in self.inventory:
|
||||
self.inventory[group] = {'hosts': [], 'vars': {}}
|
||||
self.inventory[group]['hosts'].append(dest)
|
||||
|
||||
# groups that are not always present
|
||||
for group in (droplet['image']['slug'],
|
||||
droplet['image']['name']):
|
||||
if group:
|
||||
image = 'image_' + self.to_safe(group)
|
||||
if image not in self.inventory:
|
||||
self.inventory[image] = {'hosts': [], 'vars': {}}
|
||||
self.inventory[image]['hosts'].append(dest)
|
||||
|
||||
if droplet['tags']:
|
||||
for tag in droplet['tags']:
|
||||
if tag not in self.inventory:
|
||||
self.inventory[tag] = {'hosts': [], 'vars': {}}
|
||||
self.inventory[tag]['hosts'].append(dest)
|
||||
|
||||
# hostvars
|
||||
info = self.do_namespace(droplet)
|
||||
self.inventory['_meta']['hostvars'][dest] = info
|
||||
|
||||
def load_droplet_variables_for_host(self):
|
||||
'''Generate a JSON response to a --host call'''
|
||||
host = int(self.args.host)
|
||||
droplet = self.manager.show_droplet(host)
|
||||
info = self.do_namespace(droplet)
|
||||
return {'droplet': info}
|
||||
|
||||
###########################################################################
|
||||
# Cache Management
|
||||
###########################################################################
|
||||
|
||||
def is_cache_valid(self):
|
||||
''' Determines if the cache files have expired, or if it is still valid '''
|
||||
if os.path.isfile(self.cache_filename):
|
||||
mod_time = os.path.getmtime(self.cache_filename)
|
||||
current_time = time()
|
||||
if (mod_time + self.cache_max_age) > current_time:
|
||||
return True
|
||||
return False
|
||||
|
||||
def load_from_cache(self):
|
||||
''' Reads the data from the cache file and assigns it to member variables as Python Objects'''
|
||||
try:
|
||||
cache = open(self.cache_filename, 'r')
|
||||
json_data = cache.read()
|
||||
cache.close()
|
||||
data = json.loads(json_data)
|
||||
except IOError:
|
||||
data = {'data': {}, 'inventory': {}}
|
||||
|
||||
self.data = data['data']
|
||||
self.inventory = data['inventory']
|
||||
|
||||
def write_to_cache(self):
|
||||
''' Writes data in JSON format to a file '''
|
||||
data = {'data': self.data, 'inventory': self.inventory}
|
||||
json_data = json.dumps(data, sort_keys=True, indent=2)
|
||||
|
||||
cache = open(self.cache_filename, 'w')
|
||||
cache.write(json_data)
|
||||
cache.close()
|
||||
|
||||
###########################################################################
|
||||
# Utilities
|
||||
###########################################################################
|
||||
|
||||
def push(self, my_dict, key, element):
|
||||
''' Pushed an element onto an array that may not have been defined in the dict '''
|
||||
if key in my_dict:
|
||||
my_dict[key].append(element)
|
||||
else:
|
||||
my_dict[key] = [element]
|
||||
|
||||
def to_safe(self, word):
|
||||
''' Converts 'bad' characters in a string to underscores so they can be used as Ansible groups '''
|
||||
return re.sub("[^A-Za-z0-9\-\.]", "_", word)
|
||||
|
||||
def do_namespace(self, data):
|
||||
''' Returns a copy of the dictionary with all the keys put in a 'do_' namespace '''
|
||||
info = {}
|
||||
for k, v in data.items():
|
||||
info['do_' + k] = v
|
||||
return info
|
||||
|
||||
|
||||
###########################################################################
|
||||
# Run the script
|
||||
DigitalOceanInventory()
|
|
@ -1,209 +0,0 @@
|
|||
# Ansible EC2 external inventory script settings
|
||||
#
|
||||
|
||||
[ec2]
|
||||
|
||||
# to talk to a private eucalyptus instance uncomment these lines
|
||||
# and edit edit eucalyptus_host to be the host name of your cloud controller
|
||||
#eucalyptus = True
|
||||
#eucalyptus_host = clc.cloud.domain.org
|
||||
|
||||
# AWS regions to make calls to. Set this to 'all' to make request to all regions
|
||||
# in AWS and merge the results together. Alternatively, set this to a comma
|
||||
# separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2' and do not
|
||||
# provide the 'regions_exclude' option. If this is set to 'auto', AWS_REGION or
|
||||
# AWS_DEFAULT_REGION environment variable will be read to determine the region.
|
||||
regions = all
|
||||
regions_exclude = us-gov-west-1, cn-north-1
|
||||
|
||||
# When generating inventory, Ansible needs to know how to address a server.
|
||||
# Each EC2 instance has a lot of variables associated with it. Here is the list:
|
||||
# http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance
|
||||
# Below are 2 variables that are used as the address of a server:
|
||||
# - destination_variable
|
||||
# - vpc_destination_variable
|
||||
|
||||
# This is the normal destination variable to use. If you are running Ansible
|
||||
# from outside EC2, then 'public_dns_name' makes the most sense. If you are
|
||||
# running Ansible from within EC2, then perhaps you want to use the internal
|
||||
# address, and should set this to 'private_dns_name'. The key of an EC2 tag
|
||||
# may optionally be used; however the boto instance variables hold precedence
|
||||
# in the event of a collision.
|
||||
destination_variable = public_dns_name
|
||||
|
||||
# This allows you to override the inventory_name with an ec2 variable, instead
|
||||
# of using the destination_variable above. Addressing (aka ansible_ssh_host)
|
||||
# will still use destination_variable. Tags should be written as 'tag_TAGNAME'.
|
||||
#hostname_variable = tag_Name
|
||||
|
||||
# For server inside a VPC, using DNS names may not make sense. When an instance
|
||||
# has 'subnet_id' set, this variable is used. If the subnet is public, setting
|
||||
# this to 'ip_address' will return the public IP address. For instances in a
|
||||
# private subnet, this should be set to 'private_ip_address', and Ansible must
|
||||
# be run from within EC2. The key of an EC2 tag may optionally be used; however
|
||||
# the boto instance variables hold precedence in the event of a collision.
|
||||
# WARNING: - instances that are in the private vpc, _without_ public ip address
|
||||
# will not be listed in the inventory until You set:
|
||||
# vpc_destination_variable = private_ip_address
|
||||
vpc_destination_variable = ip_address
|
||||
|
||||
# The following two settings allow flexible ansible host naming based on a
|
||||
# python format string and a comma-separated list of ec2 tags. Note that:
|
||||
#
|
||||
# 1) If the tags referenced are not present for some instances, empty strings
|
||||
# will be substituted in the format string.
|
||||
# 2) This overrides both destination_variable and vpc_destination_variable.
|
||||
#
|
||||
#destination_format = {0}.{1}.example.com
|
||||
#destination_format_tags = Name,environment
|
||||
|
||||
# To tag instances on EC2 with the resource records that point to them from
|
||||
# Route53, set 'route53' to True.
|
||||
route53 = False
|
||||
|
||||
# To use Route53 records as the inventory hostnames, uncomment and set
|
||||
# to equal the domain name you wish to use. You must also have 'route53' (above)
|
||||
# set to True.
|
||||
# route53_hostnames = .example.com
|
||||
|
||||
# To exclude RDS instances from the inventory, uncomment and set to False.
|
||||
#rds = False
|
||||
|
||||
# To exclude ElastiCache instances from the inventory, uncomment and set to False.
|
||||
#elasticache = False
|
||||
|
||||
# Additionally, you can specify the list of zones to exclude looking up in
|
||||
# 'route53_excluded_zones' as a comma-separated list.
|
||||
# route53_excluded_zones = samplezone1.com, samplezone2.com
|
||||
|
||||
# By default, only EC2 instances in the 'running' state are returned. Set
|
||||
# 'all_instances' to True to return all instances regardless of state.
|
||||
all_instances = False
|
||||
|
||||
# By default, only EC2 instances in the 'running' state are returned. Specify
|
||||
# EC2 instance states to return as a comma-separated list. This
|
||||
# option is overridden when 'all_instances' is True.
|
||||
# instance_states = pending, running, shutting-down, terminated, stopping, stopped
|
||||
|
||||
# By default, only RDS instances in the 'available' state are returned. Set
|
||||
# 'all_rds_instances' to True return all RDS instances regardless of state.
|
||||
all_rds_instances = False
|
||||
|
||||
# Include RDS cluster information (Aurora etc.)
|
||||
include_rds_clusters = False
|
||||
|
||||
# By default, only ElastiCache clusters and nodes in the 'available' state
|
||||
# are returned. Set 'all_elasticache_clusters' and/or 'all_elastic_nodes'
|
||||
# to True return all ElastiCache clusters and nodes, regardless of state.
|
||||
#
|
||||
# Note that all_elasticache_nodes only applies to listed clusters. That means
|
||||
# if you set all_elastic_clusters to false, no node will be return from
|
||||
# unavailable clusters, regardless of the state and to what you set for
|
||||
# all_elasticache_nodes.
|
||||
all_elasticache_replication_groups = False
|
||||
all_elasticache_clusters = False
|
||||
all_elasticache_nodes = False
|
||||
|
||||
# API calls to EC2 are slow. For this reason, we cache the results of an API
|
||||
# call. Set this to the path you want cache files to be written to. Two files
|
||||
# will be written to this directory:
|
||||
# - ansible-ec2.cache
|
||||
# - ansible-ec2.index
|
||||
cache_path = ~/.ansible/tmp
|
||||
|
||||
# The number of seconds a cache file is considered valid. After this many
|
||||
# seconds, a new API call will be made, and the cache file will be updated.
|
||||
# To disable the cache, set this value to 0
|
||||
cache_max_age = 300
|
||||
|
||||
# Organize groups into a nested/hierarchy instead of a flat namespace.
|
||||
nested_groups = False
|
||||
|
||||
# Replace - tags when creating groups to avoid issues with ansible
|
||||
replace_dash_in_groups = True
|
||||
|
||||
# If set to true, any tag of the form "a,b,c" is expanded into a list
|
||||
# and the results are used to create additional tag_* inventory groups.
|
||||
expand_csv_tags = False
|
||||
|
||||
# The EC2 inventory output can become very large. To manage its size,
|
||||
# configure which groups should be created.
|
||||
group_by_instance_id = True
|
||||
group_by_region = True
|
||||
group_by_availability_zone = True
|
||||
group_by_aws_account = False
|
||||
group_by_ami_id = True
|
||||
group_by_instance_type = True
|
||||
group_by_instance_state = False
|
||||
group_by_key_pair = True
|
||||
group_by_vpc_id = True
|
||||
group_by_security_group = True
|
||||
group_by_tag_keys = True
|
||||
group_by_tag_none = True
|
||||
group_by_route53_names = True
|
||||
group_by_rds_engine = True
|
||||
group_by_rds_parameter_group = True
|
||||
group_by_elasticache_engine = True
|
||||
group_by_elasticache_cluster = True
|
||||
group_by_elasticache_parameter_group = True
|
||||
group_by_elasticache_replication_group = True
|
||||
|
||||
# If you only want to include hosts that match a certain regular expression
|
||||
# pattern_include = staging-*
|
||||
|
||||
# If you want to exclude any hosts that match a certain regular expression
|
||||
# pattern_exclude = staging-*
|
||||
|
||||
# Instance filters can be used to control which instances are retrieved for
|
||||
# inventory. For the full list of possible filters, please read the EC2 API
|
||||
# docs: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeInstances.html#query-DescribeInstances-filters
|
||||
# Filters are key/value pairs separated by '=', to list multiple filters use
|
||||
# a list separated by commas. See examples below.
|
||||
|
||||
# If you want to apply multiple filters simultaneously, set stack_filters to
|
||||
# True. Default behaviour is to combine the results of all filters. Stacking
|
||||
# allows the use of multiple conditions to filter down, for example by
|
||||
# environment and type of host.
|
||||
stack_filters = False
|
||||
|
||||
# Retrieve only instances with (key=value) env=staging tag
|
||||
# instance_filters = tag:env=staging
|
||||
|
||||
# Retrieve only instances with role=webservers OR role=dbservers tag
|
||||
# instance_filters = tag:role=webservers,tag:role=dbservers
|
||||
|
||||
# Retrieve only t1.micro instances OR instances with tag env=staging
|
||||
# instance_filters = instance-type=t1.micro,tag:env=staging
|
||||
|
||||
# You can use wildcards in filter values also. Below will list instances which
|
||||
# tag Name value matches webservers1*
|
||||
# (ex. webservers15, webservers1a, webservers123 etc)
|
||||
# instance_filters = tag:Name=webservers1*
|
||||
|
||||
# An IAM role can be assumed, so all requests are run as that role.
|
||||
# This can be useful for connecting across different accounts, or to limit user
|
||||
# access
|
||||
# iam_role = role-arn
|
||||
|
||||
# A boto configuration profile may be used to separate out credentials
|
||||
# see http://boto.readthedocs.org/en/latest/boto_config_tut.html
|
||||
# boto_profile = some-boto-profile-name
|
||||
|
||||
|
||||
[credentials]
|
||||
|
||||
# The AWS credentials can optionally be specified here. Credentials specified
|
||||
# here are ignored if the environment variable AWS_ACCESS_KEY_ID or
|
||||
# AWS_PROFILE is set, or if the boto_profile property above is set.
|
||||
#
|
||||
# Supplying AWS credentials here is not recommended, as it introduces
|
||||
# non-trivial security concerns. When going down this route, please make sure
|
||||
# to set access permissions for this file correctly, e.g. handle it the same
|
||||
# way as you would a private SSH key.
|
||||
#
|
||||
# Unlike the boto and AWS configure files, this section does not support
|
||||
# profiles.
|
||||
#
|
||||
# aws_access_key_id = AXXXXXXXXXXXXXX
|
||||
# aws_secret_access_key = XXXXXXXXXXXXXXXXXXX
|
||||
# aws_security_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
File diff suppressed because it is too large
Load Diff
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- jsonconfig
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
become: yes
|
||||
roles:
|
||||
- stop
|
||||
- unsafe_reset
|
||||
- start
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- stop
|
||||
- start
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
#genesis_file: "<undefined>"
|
||||
app_options_file: "app_options_files/public_testnet"
|
||||
seeds: ""
|
||||
testnet_name: testnet1
|
||||
validators: true
|
||||
|
|
@ -1,71 +0,0 @@
|
|||
---
|
||||
|
||||
- name: gather tendermint public keys
|
||||
when: (validators == true or validators == 'true') and genesis_file is not defined
|
||||
tags: reconfig-toml,reconfig-genesis
|
||||
command: "/usr/bin/tendermint show_validator --home /etc/{{service}} --log_level error"
|
||||
register: pubkeys
|
||||
changed_when: false
|
||||
|
||||
- name: gather tendermint peer IDs
|
||||
when: genesis_file is not defined
|
||||
tags: reconfig-toml
|
||||
command: "/usr/bin/tendermint show_node_id --home /etc/{{service}} --log_level error"
|
||||
register: nodeids
|
||||
changed_when: false
|
||||
|
||||
- name: resetting permissions from root after gathering public keys
|
||||
tags: reconfig-toml,reconfig-genesis
|
||||
file: "path=/etc/{{service}} owner={{service}} group={{service}} recurse=yes"
|
||||
|
||||
- name: register tendermint public keys as host facts
|
||||
when: (validators == true or validators == 'true') and genesis_file is not defined
|
||||
tags: reconfig-toml,reconfig-genesis
|
||||
set_fact: "pubkey='{{pubkeys.stdout}}'"
|
||||
connection: local
|
||||
|
||||
- name: register node ids as host facts
|
||||
when: genesis_file is not defined
|
||||
tags: reconfig-toml
|
||||
set_fact: "nodeid='{{nodeids.stdout}}'"
|
||||
connection: local
|
||||
|
||||
- name: copy generated genesis.json - genesis_time will be updated
|
||||
when: (validators == true or validators == 'true') and (genesis_file is not defined)
|
||||
tags: reconfig-genesis
|
||||
template:
|
||||
src: genesis.json.j2
|
||||
dest: "/etc/{{service}}/config/genesis.json"
|
||||
owner: "{{service}}"
|
||||
group: "{{service}}"
|
||||
|
||||
- name: copy pre-created genesis.json
|
||||
when: genesis_file is defined
|
||||
tags: reconfig-genesis
|
||||
copy: "src={{genesis_file}} dest=/etc/{{service}}/config/genesis.json owner={{service}} group={{service}}"
|
||||
|
||||
- name: copy tendermint config.toml
|
||||
tags: reconfig-toml
|
||||
when: validators == true or validators == 'true'
|
||||
template:
|
||||
src: config.toml.j2
|
||||
dest: "/etc/{{service}}/config/config.toml"
|
||||
owner: "{{service}}"
|
||||
group: "{{service}}"
|
||||
|
||||
- name: Copy validator network files for non-validators
|
||||
when: validators == false or validators == 'false'
|
||||
tags: reconfig-toml,reconfig-genesis
|
||||
get_url: "url={{item['src']}} dest={{item['dst']}} force=yes"
|
||||
with_items:
|
||||
- { src: "https://raw.githubusercontent.com/tendermint/testnets/master/{{validator_network}}/{{service}}/genesis.json" , dst: "/etc/{{service}}/config/genesis.json" }
|
||||
- { src: "https://raw.githubusercontent.com/tendermint/testnets/master/{{validator_network}}/config.toml" , dst: "/etc/{{service}}/config/config.toml" }
|
||||
|
||||
- name: Set validator network files permissions for non-validators
|
||||
when: validators == false or validators == 'false'
|
||||
tags: reconfig-toml,reconfig-genesis
|
||||
file: "path={{item}} owner={{service}} group={{service}}"
|
||||
with_items:
|
||||
- "/etc/{{service}}/config/genesis.json"
|
||||
- "/etc/{{service}}/config/config.toml"
|
||||
|
|
@ -1,221 +0,0 @@
|
|||
# This is a TOML config file.
|
||||
# For more information, see https://github.com/toml-lang/toml
|
||||
|
||||
##### main base config options #####
|
||||
|
||||
# TCP or UNIX socket address of the ABCI application,
|
||||
# or the name of an ABCI application compiled in with the Tendermint binary
|
||||
proxy_app = "tcp://127.0.0.1:46658"
|
||||
|
||||
# A custom human readable name for this node
|
||||
moniker = "{{inventory_hostname}}"
|
||||
|
||||
# If this node is many blocks behind the tip of the chain, FastSync
|
||||
# allows them to catchup quickly by downloading blocks in parallel
|
||||
# and verifying their commits
|
||||
fast_sync = true
|
||||
|
||||
{% if service == 'tendermint' %}
|
||||
|
||||
# Database backend: leveldb | memdb
|
||||
db_backend = "memdb"
|
||||
|
||||
# Database directory
|
||||
db_path = "data"
|
||||
|
||||
# Output level for logging, including package level options
|
||||
log_level = "mempool:error,*:debug"
|
||||
|
||||
{% else %}
|
||||
|
||||
# Database backend: leveldb | memdb
|
||||
db_backend = "leveldb"
|
||||
|
||||
# Database directory
|
||||
db_path = "data"
|
||||
|
||||
# Output level for logging, including package level options
|
||||
log_level = "main:info,state:info,*:error"
|
||||
#log_level = "mempool:error,*:debug"
|
||||
|
||||
{% endif %}
|
||||
|
||||
##### additional base config options #####
|
||||
|
||||
# Path to the JSON file containing the initial validator set and other meta data
|
||||
genesis_file = "config/genesis.json"
|
||||
|
||||
# Path to the JSON file containing the private key to use as a validator in the consensus protocol
|
||||
priv_validator_file = "config/priv_validator.json"
|
||||
|
||||
# Path to the JSON file containing the private key to use for node authentication in the p2p protocol
|
||||
node_key_file = "config/node_key.json"
|
||||
|
||||
# Mechanism to connect to the ABCI application: socket | grpc
|
||||
abci = "socket"
|
||||
|
||||
# TCP or UNIX socket address for the profiling server to listen on
|
||||
prof_laddr = ""
|
||||
|
||||
# If true, query the ABCI app on connecting to a new peer
|
||||
# so the app can decide if we should keep the connection or not
|
||||
filter_peers = false
|
||||
|
||||
##### advanced configuration options #####
|
||||
|
||||
##### rpc server configuration options #####
|
||||
[rpc]
|
||||
|
||||
# TCP or UNIX socket address for the RPC server to listen on
|
||||
laddr = "tcp://0.0.0.0:46657"
|
||||
|
||||
# TCP or UNIX socket address for the gRPC server to listen on
|
||||
# NOTE: This server only supports /broadcast_tx_commit
|
||||
grpc_laddr = ""
|
||||
|
||||
# Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool
|
||||
unsafe = false
|
||||
|
||||
##### peer to peer configuration options #####
|
||||
[p2p]
|
||||
|
||||
# Address to listen for incoming connections
|
||||
laddr = "tcp://0.0.0.0:46656"
|
||||
|
||||
# Comma separated list of seed nodes to connect to
|
||||
seeds = "{{ seeds | default() }}"
|
||||
|
||||
# Comma separated list of nodes to keep persistent connections to
|
||||
{% set comma = joiner(",") %}persistent_peers = "{% for host in ((groups[testnet_name]|default([]))+(groups['tag_Environment_'~(testnet_name|regex_replace('-','_'))]|default([])))|difference(inventory_hostname) %}{{ comma() }}{{hostvars[host]["nodeid"]}}@{{hostvars[host]["inventory_hostname"]}}:46656{% endfor %}"
|
||||
|
||||
# Path to address book
|
||||
addr_book_file = "config/addrbook.json"
|
||||
|
||||
# Set true for strict address routability rules
|
||||
addr_book_strict = true
|
||||
|
||||
# Time to wait before flushing messages out on the connection, in ms
|
||||
flush_throttle_timeout = 100
|
||||
|
||||
# Maximum number of peers to connect to
|
||||
#max_num_peers = 50
|
||||
max_num_peers = 300
|
||||
|
||||
# Maximum size of a message packet payload, in bytes
|
||||
{% if service == 'tendermint' %}
|
||||
max_msg_packet_payload_size = 65536
|
||||
{% else %}
|
||||
max_msg_packet_payload_size = 1024
|
||||
{% endif %}
|
||||
|
||||
# Rate at which packets can be sent, in bytes/second
|
||||
{% if service == 'tendermint' %}
|
||||
send_rate = 51200000 # 50 MB/s
|
||||
{% else %}
|
||||
send_rate = 512000
|
||||
{% endif %}
|
||||
|
||||
# Rate at which packets can be received, in bytes/second
|
||||
{% if service == 'tendermint' %}
|
||||
recv_rate = 51200000 # 50 MB/s
|
||||
{% else %}
|
||||
recv_rate = 512000
|
||||
{% endif %}
|
||||
|
||||
# Set true to enable the peer-exchange reactor
|
||||
pex = true
|
||||
|
||||
# Seed mode, in which node constantly crawls the network and looks for
|
||||
# peers. If another node asks it for addresses, it responds and disconnects.
|
||||
#
|
||||
# Does not work if the peer-exchange reactor is disabled.
|
||||
seed_mode = false
|
||||
|
||||
##### mempool configuration options #####
|
||||
[mempool]
|
||||
|
||||
{% if service == 'tendermint' %}
|
||||
recheck = false
|
||||
{% else %}
|
||||
recheck = true
|
||||
{% endif %}
|
||||
recheck_empty = true
|
||||
broadcast = true
|
||||
{% if service == 'tendermint' %}
|
||||
wal_dir = ""
|
||||
{% else %}
|
||||
wal_dir = "data/mempool.wal"
|
||||
{% endif %}
|
||||
|
||||
##### consensus configuration options #####
|
||||
[consensus]
|
||||
|
||||
wal_file = "data/cs.wal/wal"
|
||||
{% if service == 'tendermint' %}
|
||||
wal_light = true
|
||||
{% else %}
|
||||
wal_light = false
|
||||
{% endif %}
|
||||
|
||||
# All timeouts are in milliseconds
|
||||
{% if service == 'tendermint' %}
|
||||
timeout_propose = 10000
|
||||
{% else %}
|
||||
timeout_propose = 3000
|
||||
{% endif %}
|
||||
timeout_propose_delta = 500
|
||||
timeout_prevote = 1000
|
||||
timeout_prevote_delta = 500
|
||||
timeout_precommit = 1000
|
||||
timeout_precommit_delta = 500
|
||||
{% if service == 'tendermint' %}
|
||||
timeout_commit = 1
|
||||
{% else %}
|
||||
timeout_commit = 1000
|
||||
{% endif %}
|
||||
|
||||
# Make progress as soon as we have all the precommits (as if TimeoutCommit = 0)
|
||||
{% if service == 'tendermint' %}
|
||||
skip_timeout_commit = true
|
||||
{% else %}
|
||||
skip_timeout_commit = false
|
||||
{% endif %}
|
||||
|
||||
# BlockSize
|
||||
max_block_size_txs = 10000
|
||||
max_block_size_bytes = 1
|
||||
|
||||
# EmptyBlocks mode and possible interval between empty blocks in seconds
|
||||
{% if service == 'tendermint' %}
|
||||
create_empty_blocks = false
|
||||
{% else %}
|
||||
create_empty_blocks = true
|
||||
create_empty_blocks_interval = 60
|
||||
{% endif %}
|
||||
|
||||
# Reactor sleep duration parameters are in milliseconds
|
||||
peer_gossip_sleep_duration = 100
|
||||
peer_query_maj23_sleep_duration = 2000
|
||||
|
||||
##### transactions indexer configuration options #####
|
||||
[tx_index]
|
||||
|
||||
# What indexer to use for transactions
|
||||
#
|
||||
# Options:
|
||||
# 1) "null" (default)
|
||||
# 2) "kv" - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
|
||||
indexer = "kv"
|
||||
|
||||
# Comma-separated list of tags to index (by default the only tag is tx hash)
|
||||
#
|
||||
# It's recommended to index only a subset of tags due to possible memory
|
||||
# bloat. This is, of course, depends on the indexer's DB and the volume of
|
||||
# transactions.
|
||||
index_tags = ""
|
||||
|
||||
# When set to true, tells indexer to index all tags. Note this may be not
|
||||
# desirable (see the comment above). IndexTags has a precedence over
|
||||
# IndexAllTags (i.e. when given both, IndexTags will be indexed).
|
||||
index_all_tags = false
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
{
|
||||
"genesis_time":"{{ansible_date_time.iso8601}}",
|
||||
"chain_id":"{{testnet_name}}",
|
||||
"validators":
|
||||
[
|
||||
{% if (validators == true) or (validators == 'true') %}
|
||||
{% set comma = joiner(",") %}
|
||||
{% for host in (groups[testnet_name]|default([]))+(groups['tag_Environment_'~(testnet_name|regex_replace('-','_'))]|default([])) %}
|
||||
{{ comma() }}
|
||||
{
|
||||
"pub_key": {
|
||||
"data": "{{hostvars[host]["pubkey"]["data"]}}",
|
||||
"type": "{{hostvars[host]["pubkey"]["type"]}}"
|
||||
},
|
||||
"power":1000,
|
||||
"name":"{{hostvars[host]["inventory_hostname"]}}"
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
],
|
||||
"app_hash":"",
|
||||
{% if service == 'basecoind' %}
|
||||
"app_state": {
|
||||
{% else %}
|
||||
"app_options": {
|
||||
{% endif %}
|
||||
{% if app_options_file is defined %}
|
||||
{% include app_options_file %}
|
||||
{% endif %}
|
||||
}
|
||||
{% if service == 'ethermint' %}
|
||||
,
|
||||
"config": {
|
||||
"chainId": 15,
|
||||
"homesteadBlock": 0,
|
||||
"eip155Block": 0,
|
||||
"eip158Block": 0
|
||||
},
|
||||
"nonce": "0xdeadbeefdeadbeef",
|
||||
"timestamp": "0x00",
|
||||
"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
|
||||
"mixhash": "0x0000000000000000000000000000000000000000000000000000000000000000",
|
||||
"difficulty": "0x40",
|
||||
"gasLimit": "0x8000000",
|
||||
"alloc": {
|
||||
"0x7eff122b94897ea5b0e2a9abf47b86337fafebdc": { "balance": "10000000000000000000000000000000000" },
|
||||
"0xc6713982649D9284ff56c32655a9ECcCDA78422A": { "balance": "10000000000000000000000000000000000" }
|
||||
}
|
||||
{% endif %}
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Create service group
|
||||
group: "name={{service}}"
|
||||
|
||||
- name: Create service user
|
||||
user: "name={{service}} group={{service}} home=/etc/{{service}}"
|
||||
|
||||
- name: Change user folder to more permissive
|
||||
file: "path=/etc/{{service}} mode=0755"
|
||||
|
||||
- name: Create tendermint service
|
||||
template: "src=systemd.service.j2 dest=/etc/systemd/system/{{service}}.service"
|
||||
|
||||
- name: Reload systemd services
|
||||
systemd: "name={{service}} daemon_reload=yes enabled=no"
|
||||
|
||||
- name: Initialize tendermint
|
||||
command: "/usr/bin/tendermint init --home /etc/{{service}}"
|
||||
become: yes
|
||||
become_user: "{{service}}"
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[Unit]
|
||||
Description={{service}} server
|
||||
Requires=network-online.target
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Environment="TMHOME=/etc/{{service}}"
|
||||
Restart=on-failure
|
||||
User={{service}}
|
||||
Group={{service}}
|
||||
PermissionsStartOnly=true
|
||||
ExecStart=/usr/bin/tendermint node{{(service=='tendermint')|ternary(' --proxy_app=dummy','')}}
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillSignal=SIGTERM
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Get config.toml from node
|
||||
fetch: "dest={{ destination | default('.') }}/config.toml flat=yes src=/etc/{{service}}/config/config.toml"
|
||||
run_once: yes
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Get file from node
|
||||
fetch: "dest={{ destination | default('.') }}/{{ source | basename }} flat=yes src='{{source}}'"
|
||||
run_once: yes
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
release_install: true
|
||||
binary: "{{ lookup('env','GOPATH') | default('') }}/bin/{{service}}"
|
||||
devops_path: false
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
|
||||
#Three commands to install a service on CentOS/RedHat
|
||||
#wget -O - https://tendermint-packages.interblock.io/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | rpm --import -
|
||||
#wget -O /etc/yum.repos.d/tendermint.repo https://tendermint-packages.interblock.io/centos/7/os/x86_64/tendermint.repo
|
||||
#yum update && yum install basecoin
|
||||
|
||||
#This has a bug in Ansible 2.3: https://github.com/ansible/ansible/issues/20711
|
||||
#- name: Add repository key on CentOS/RedHat
|
||||
# when: ansible_os_family == "RedHat"
|
||||
# rpm_key: key=https://tendermint-packages.interblock.io/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
|
||||
|
||||
#Workaround
|
||||
- name: Download repository key for CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
get_url: "url=https://tendermint-packages.interblock.io/{{ (devops_path | default(false) | bool) | ternary('devops/','') }}centos/7/os/x86_64/RPM-GPG-KEY-Tendermint dest=/root/RPM-GPG-KEY-Tendermint force=yes checksum=sha256:a8c61d4061697d2595562c703dbafbdfdcfa7f0c75a523ac84d5609d1b444abe"
|
||||
- name: Import repository key for CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
command: "rpm --import /root/RPM-GPG-KEY-Tendermint"
|
||||
|
||||
- name: Install tendermint repository on CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
yum_repository:
|
||||
name: tendermint
|
||||
baseurl: https://tendermint-packages.interblock.io/{{ (devops_path | default(false) | bool) | ternary('devops/','') }}centos/7/os/x86_64
|
||||
description: "Tendermint repo"
|
||||
gpgcheck: yes
|
||||
gpgkey: https://tendermint-packages.interblock.io/{{ (devops_path | default(false) | bool) | ternary('devops/','') }}centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
|
||||
# repo_gpgcheck: yes
|
||||
|
||||
- name: Install package on CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
yum: "pkg={{service}} update_cache=yes state=latest"
|
||||
|
||||
# The below commands are required so that the tomlconfig playbook can run.
|
||||
|
||||
- name: Install epel-release on CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
yum: "pkg=epel-release update_cache=yes state=latest"
|
||||
|
||||
- name: Install pip on CentOS/RedHat
|
||||
when: ansible_os_family == "RedHat"
|
||||
yum: "pkg={{item}} state=latest"
|
||||
with_items:
|
||||
- python2-pip
|
||||
- python-virtualenv
|
||||
- unzip
|
||||
- tar
|
||||
#For show_validator command:
|
||||
- tendermint
|
||||
|
||||
- name: Install toml
|
||||
when: ansible_os_family == "RedHat"
|
||||
pip: name=toml
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
|
||||
#Three commands to install a service on Debian/Ubuntu
|
||||
#wget -O - https://tendermint-packages.interblock.io/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | apt-key add -
|
||||
#wget -O /etc/apt/sources.list.d/tendermint.list https://tendermint-packages.interblock.io/debian/tendermint.list
|
||||
#apt-get update && apt-get install basecoin
|
||||
|
||||
- name: Add repository key on Debian/Ubuntu
|
||||
when: ansible_os_family == "Debian"
|
||||
apt_key:
|
||||
url: https://tendermint-packages.interblock.io/{{ (devops_path | default(false) | bool) | ternary('devops/','') }}centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
|
||||
id: 2122CBE9
|
||||
|
||||
- name: Install tendermint repository on Debian/Ubuntu
|
||||
when: ansible_os_family == "Debian"
|
||||
apt_repository:
|
||||
repo: deb https://tendermint-packages.interblock.io/{{ (devops_path | default(false) | bool) | ternary('devops/','') }}debian stable main
|
||||
|
||||
- name: Install package on Debian/Ubuntu
|
||||
when: ansible_os_family == "Debian"
|
||||
apt: "pkg={{service}} update_cache=yes state=latest"
|
||||
|
||||
# The below command is required to use the tomlconfig playbook.
|
||||
|
||||
- name: Install package on Debian/Ubuntu
|
||||
when: ansible_os_family == "Debian"
|
||||
apt: "pkg={{item}} state=latest"
|
||||
with_items:
|
||||
- python-toml
|
||||
- unzip
|
||||
- tar
|
||||
#For show_validator command:
|
||||
- tendermint
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Set timezone
|
||||
when: timezone is defined
|
||||
file: path=/etc/localtime state=link src=/usr/share/zoneinfo/{{timezone}} force=yes
|
||||
|
||||
- name: Disable journald rate-limiting
|
||||
lineinfile: "dest=/etc/systemd/journald.conf regexp={{item.regexp}} line='{{item.line}}'"
|
||||
with_items:
|
||||
- { regexp: "^#RateLimitInterval", line: "RateLimitInterval=0s" }
|
||||
- { regexp: "^#RateLimitBurst", line: "RateLimitBurst=0" }
|
||||
|
||||
- name: Create journal directory for permanent logs
|
||||
file: path=/var/log/journal state=directory
|
||||
|
||||
- name: Set journal folder with systemd-tmpfiles
|
||||
command: "systemd-tmpfiles --create --prefix /var/log/journal"
|
||||
|
||||
- name: Restart journald
|
||||
service: name=systemd-journald state=restarted
|
||||
|
||||
- name: Ability to get the core dump on SIGABRT
|
||||
shell: "ulimit -c unlimited"
|
||||
|
||||
#TODO include is deprecated in Ansible 2.4.0 and will be removed in 2.8.0
|
||||
#Replace it with include_tasks
|
||||
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- include: centos.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: copy compiled binary
|
||||
when: not release_install|bool
|
||||
copy:
|
||||
src: "{{binary}}"
|
||||
dest: /usr/local/bin
|
||||
mode: 0755
|
||||
|
|
@ -1,360 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'
|
||||
}
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: jsonconfig
|
||||
|
||||
short_description: Ensure a particular configuration is added to a json-formatted configuration file
|
||||
|
||||
version_added: "2.4"
|
||||
|
||||
description:
|
||||
- This module will add configuration to a json-formatted configuration file.
|
||||
|
||||
options:
|
||||
dest:
|
||||
description:
|
||||
- The file to modify.
|
||||
required: true
|
||||
aliases: [ name, destfile ]
|
||||
json:
|
||||
description:
|
||||
- The configuration in json format to apply.
|
||||
required: false
|
||||
default: '{}'
|
||||
merge:
|
||||
description:
|
||||
- Used with C(state=present). If specified, it will merge the configuration. Othwerwise
|
||||
the configuration will be overwritten.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "yes"
|
||||
state:
|
||||
description:
|
||||
- Whether the configuration should be there or not.
|
||||
required: false
|
||||
choices: [ present, absent ]
|
||||
default: "present"
|
||||
create:
|
||||
description:
|
||||
- Used with C(state=present). If specified, the file will be created
|
||||
if it does not already exist. By default it will fail if the file
|
||||
is missing.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "no"
|
||||
backup:
|
||||
description:
|
||||
- Create a backup file including the timestamp information so you can
|
||||
get the original file back if you somehow clobbered it incorrectly.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "no"
|
||||
others:
|
||||
description:
|
||||
- All arguments accepted by the M(file) module also work here.
|
||||
required: false
|
||||
|
||||
extends_documentation_fragment:
|
||||
- files
|
||||
- validate
|
||||
|
||||
author:
|
||||
- "Greg Szabo (@greg-szabo)"
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
# Add a new section to a json file
|
||||
- name: Add comment section
|
||||
jsonconfig:
|
||||
dest: /etc/something.json
|
||||
json: '{ "comment": { "comment1": "mycomment" } }'
|
||||
|
||||
# Rewrite a json file with the configuration
|
||||
- name: Create or overwrite config.json
|
||||
jsonconfig:
|
||||
dest: /etc/config.json
|
||||
json: '{ "regedit": { "freshfile": true } }'
|
||||
merge: no
|
||||
create: yes
|
||||
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
changed:
|
||||
description: True if the configuration changed.
|
||||
type: bool
|
||||
msg:
|
||||
description: Description of the change
|
||||
type: str
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.six import b
|
||||
from ansible.module_utils._text import to_bytes, to_native
|
||||
import tempfile
|
||||
import json
|
||||
import copy
|
||||
import os
|
||||
|
||||
def write_changes(module, b_lines, dest):
|
||||
|
||||
tmpfd, tmpfile = tempfile.mkstemp()
|
||||
f = os.fdopen(tmpfd, 'wb')
|
||||
f.writelines(b_lines)
|
||||
f.close()
|
||||
|
||||
validate = module.params.get('validate', None)
|
||||
valid = not validate
|
||||
if validate:
|
||||
if "%s" not in validate:
|
||||
module.fail_json(msg="validate must contain %%s: %s" % (validate))
|
||||
(rc, out, err) = module.run_command(to_bytes(validate % tmpfile, errors='surrogate_or_strict'))
|
||||
valid = rc == 0
|
||||
if rc != 0:
|
||||
module.fail_json(msg='failed to validate: '
|
||||
'rc:%s error:%s' % (rc, err))
|
||||
if valid:
|
||||
module.atomic_move(tmpfile,
|
||||
to_native(os.path.realpath(to_bytes(dest, errors='surrogate_or_strict')), errors='surrogate_or_strict'),
|
||||
unsafe_writes=module.params['unsafe_writes'])
|
||||
|
||||
|
||||
def check_file_attrs(module, changed, message, diff):
|
||||
|
||||
file_args = module.load_file_common_arguments(module.params)
|
||||
if module.set_fs_attributes_if_different(file_args, False, diff=diff):
|
||||
|
||||
if changed:
|
||||
message += " and "
|
||||
changed = True
|
||||
message += "ownership, perms or SE linux context changed"
|
||||
|
||||
return message, changed
|
||||
|
||||
|
||||
#Merge dict d2 into dict d1 and return a new object
|
||||
def deepmerge(d1, d2):
|
||||
if d1 is None:
|
||||
return copy.deepcopy(d2)
|
||||
if d2 is None:
|
||||
return copy.deepcopy(d1)
|
||||
if d1 == d2:
|
||||
return copy.deepcopy(d1)
|
||||
if isinstance(d1, dict) and isinstance(d2, dict):
|
||||
result={}
|
||||
for key in set(d1.keys()+d2.keys()):
|
||||
da = db = None
|
||||
if key in d1:
|
||||
da = d1[key]
|
||||
if key in d2:
|
||||
db = d2[key]
|
||||
result[key] = deepmerge(da, db)
|
||||
return result
|
||||
else:
|
||||
return copy.deepcopy(d2)
|
||||
|
||||
|
||||
#Remove dict d2 from dict d1 and return a new object
|
||||
def deepdiff(d1, d2):
|
||||
if d1 is None or d2 is None:
|
||||
return None
|
||||
if d1 == d2:
|
||||
return None
|
||||
if isinstance(d1, dict) and isinstance(d2, dict):
|
||||
result = {}
|
||||
for key in d1.keys():
|
||||
if key in d2:
|
||||
dd = deepdiff(d1[key],d2[key])
|
||||
if dd is not None:
|
||||
result[key] = dd
|
||||
else:
|
||||
result[key] = d1[key]
|
||||
return result
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def present(module, dest, conf, merge, create, backup):
|
||||
|
||||
diff = {'before': '',
|
||||
'after': '',
|
||||
'before_header': '%s (content)' % dest,
|
||||
'after_header': '%s (content)' % dest}
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
if not os.path.exists(b_dest):
|
||||
if not create:
|
||||
module.fail_json(rc=257, msg='Destination %s does not exist !' % dest)
|
||||
b_destpath = os.path.dirname(b_dest)
|
||||
if not os.path.exists(b_destpath) and not module.check_mode:
|
||||
os.makedirs(b_destpath)
|
||||
b_lines = []
|
||||
else:
|
||||
f = open(b_dest, 'rb')
|
||||
b_lines = f.readlines()
|
||||
f.close()
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
|
||||
if module._diff:
|
||||
diff['before'] = lines
|
||||
|
||||
b_conf = to_bytes(conf, errors='surrogate_or_strict')
|
||||
|
||||
jsonconfig = json.loads(lines)
|
||||
config = eval(b_conf)
|
||||
|
||||
if not isinstance(config, dict):
|
||||
module.fail_json(msg="Invalid value in json parameter: {0}".format(config))
|
||||
|
||||
b_lines_new = b_lines
|
||||
msg = ''
|
||||
changed = False
|
||||
|
||||
if not merge:
|
||||
if jsonconfig != config:
|
||||
b_lines_new = to_bytes(json.dumps(config, sort_keys=True, indent=4, separators=(',', ': ')))
|
||||
msg = 'config overwritten'
|
||||
changed = True
|
||||
else:
|
||||
mergedconfig = deepmerge(jsonconfig,config)
|
||||
if jsonconfig != mergedconfig:
|
||||
b_lines_new = to_bytes(json.dumps(mergedconfig, sort_keys=True, indent=4, separators=(',', ': ')))
|
||||
msg = 'config merged'
|
||||
changed = True
|
||||
|
||||
if module._diff:
|
||||
diff['after'] = to_native(b('').join(b_lines_new))
|
||||
|
||||
backupdest = ""
|
||||
if changed and not module.check_mode:
|
||||
if backup and os.path.exists(b_dest):
|
||||
backupdest = module.backup_local(dest)
|
||||
write_changes(module, b_lines_new, dest)
|
||||
|
||||
if module.check_mode and not os.path.exists(b_dest):
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=diff)
|
||||
|
||||
attr_diff = {}
|
||||
msg, changed = check_file_attrs(module, changed, msg, attr_diff)
|
||||
|
||||
attr_diff['before_header'] = '%s (file attributes)' % dest
|
||||
attr_diff['after_header'] = '%s (file attributes)' % dest
|
||||
|
||||
difflist = [diff, attr_diff]
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=difflist)
|
||||
|
||||
|
||||
def absent(module, dest, conf, backup):
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
if not os.path.exists(b_dest):
|
||||
module.exit_json(changed=False, msg="file not present")
|
||||
|
||||
msg = ''
|
||||
diff = {'before': '',
|
||||
'after': '',
|
||||
'before_header': '%s (content)' % dest,
|
||||
'after_header': '%s (content)' % dest}
|
||||
|
||||
f = open(b_dest, 'rb')
|
||||
b_lines = f.readlines()
|
||||
f.close()
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
b_conf = to_bytes(conf, errors='surrogate_or_strict')
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
jsonconfig = json.loads(lines)
|
||||
config = eval(b_conf)
|
||||
|
||||
if not isinstance(config, dict):
|
||||
module.fail_json(msg="Invalid value in json parameter: {0}".format(config))
|
||||
|
||||
if module._diff:
|
||||
diff['before'] = to_native(b('').join(b_lines))
|
||||
|
||||
b_lines_new = b_lines
|
||||
msg = ''
|
||||
changed = False
|
||||
|
||||
diffconfig = deepdiff(jsonconfig,config)
|
||||
if diffconfig is None:
|
||||
diffconfig = {}
|
||||
if jsonconfig != diffconfig:
|
||||
b_lines_new = to_bytes(json.dumps(diffconfig, sort_keys=True, indent=4, separators=(',', ': ')))
|
||||
msg = 'config removed'
|
||||
changed = True
|
||||
|
||||
if module._diff:
|
||||
diff['after'] = to_native(b('').join(b_lines_new))
|
||||
|
||||
backupdest = ""
|
||||
if changed and not module.check_mode:
|
||||
if backup:
|
||||
backupdest = module.backup_local(dest)
|
||||
write_changes(module, b_lines_new, dest)
|
||||
|
||||
attr_diff = {}
|
||||
msg, changed = check_file_attrs(module, changed, msg, attr_diff)
|
||||
|
||||
attr_diff['before_header'] = '%s (file attributes)' % dest
|
||||
attr_diff['after_header'] = '%s (file attributes)' % dest
|
||||
|
||||
difflist = [diff, attr_diff]
|
||||
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=difflist)
|
||||
|
||||
|
||||
def main():
|
||||
|
||||
# define the available arguments/parameters that a user can pass to
|
||||
# the module
|
||||
module_args = dict(
|
||||
dest=dict(type='str', required=True),
|
||||
json=dict(default=None, required=True),
|
||||
merge=dict(type='bool', default=True),
|
||||
state=dict(default='present', choices=['absent', 'present']),
|
||||
create=dict(type='bool', default=False),
|
||||
backup=dict(type='bool', default=False),
|
||||
validate=dict(default=None, type='str')
|
||||
)
|
||||
|
||||
# the AnsibleModule object will be our abstraction working with Ansible
|
||||
# this includes instantiation, a couple of common attr would be the
|
||||
# args/params passed to the execution, as well as if the module
|
||||
# supports check mode
|
||||
module = AnsibleModule(
|
||||
argument_spec=module_args,
|
||||
add_file_common_args=True,
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
||||
params = module.params
|
||||
create = params['create']
|
||||
merge = params['merge']
|
||||
backup = params['backup']
|
||||
dest = params['dest']
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
|
||||
if os.path.isdir(b_dest):
|
||||
module.fail_json(rc=256, msg='Destination %s is a directory !' % dest)
|
||||
|
||||
conf = params['json']
|
||||
|
||||
if params['state'] == 'present':
|
||||
present(module, dest, conf, merge, create, backup)
|
||||
else:
|
||||
absent(module, dest, conf, backup)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Update
|
||||
jsonconfig: "dest='{{destination}}' json='{{jsonconfig}}' state={{(remove | default(false) | bool) | ternary('absent','present')}}"
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Download file if necessary
|
||||
when: source | regex_search('^https?://')
|
||||
get_url: "url={{source}} dest={{localdir}}/{{source | basename | regex_replace('\\?.*$','')}}"
|
||||
register: downloaded
|
||||
connection: local
|
||||
run_once: yes
|
||||
become: no
|
||||
|
||||
- name: Figure out file source
|
||||
set_fact:
|
||||
compiledsource: "{{ (downloaded.skipped is defined) | ternary(source, downloaded.dest) }}"
|
||||
connection: local
|
||||
become: no
|
||||
|
||||
- name: Extract file to destination
|
||||
when: compiledsource | regex_search('\\.(zip|tar|tar\\.gz|tgz|tb2|tbz|tbz2|tar\\.bz2|txz|tar\\.xz)$')
|
||||
register: extractcopy
|
||||
unarchive:
|
||||
src: "{{compiledsource}}"
|
||||
dest: "{{destination}}"
|
||||
|
||||
- name: Copy non-zipped file to destination
|
||||
when: extractcopy.skipped is defined
|
||||
copy: "src='{{compiledsource}}' dest='{{destination}}'"
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: start service
|
||||
service: "name={{service}} state=started"
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
- name: application service status
|
||||
command: "service {{service}} status"
|
||||
changed_when: false
|
||||
register: status
|
||||
|
||||
- name: Result
|
||||
debug: var=status.stdout_lines
|
||||
|
||||
#- name: tendermint service status
|
||||
# when: service != 'tendermint'
|
||||
# command: "service {{service}}-server status"
|
||||
# changed_when: false
|
||||
# register: tendermintstatus
|
||||
|
||||
#- name: Result
|
||||
# when: service != 'tendermint'
|
||||
# debug: var=tendermintstatus.stdout_lines
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: stop service
|
||||
service: "name={{service}} state=stopped"
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
destination: /etc/{{service}}/config.toml
|
||||
|
|
@ -1,386 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'
|
||||
}
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: tomlconfig
|
||||
|
||||
short_description: Ensure a particular configuration is added to a toml-formatted configuration file
|
||||
|
||||
version_added: "2.4"
|
||||
|
||||
description:
|
||||
- This module will add configuration to a toml-formatted configuration file.
|
||||
|
||||
options:
|
||||
dest:
|
||||
description:
|
||||
- The file to modify.
|
||||
required: true
|
||||
aliases: [ name, destfile ]
|
||||
json:
|
||||
description:
|
||||
- The configuration in json format to apply. Either C(json) or C(toml) has to be present.
|
||||
required: false
|
||||
default: '{}'
|
||||
toml:
|
||||
description:
|
||||
- The configuration in toml format to apply. Either C(json) or C(toml) has to be present.
|
||||
default: ''
|
||||
merge:
|
||||
description:
|
||||
- Used with C(state=present). If specified, it will merge the configuration. Othwerwise
|
||||
the configuration will be overwritten.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "yes"
|
||||
state:
|
||||
description:
|
||||
- Whether the configuration should be there or not.
|
||||
required: false
|
||||
choices: [ present, absent ]
|
||||
default: "present"
|
||||
create:
|
||||
description:
|
||||
- Used with C(state=present). If specified, the file will be created
|
||||
if it does not already exist. By default it will fail if the file
|
||||
is missing.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "no"
|
||||
backup:
|
||||
description:
|
||||
- Create a backup file including the timestamp information so you can
|
||||
get the original file back if you somehow clobbered it incorrectly.
|
||||
required: false
|
||||
choices: [ "yes", "no" ]
|
||||
default: "no"
|
||||
others:
|
||||
description:
|
||||
- All arguments accepted by the M(file) module also work here.
|
||||
required: false
|
||||
|
||||
extends_documentation_fragment:
|
||||
- files
|
||||
- validate
|
||||
|
||||
author:
|
||||
- "Greg Szabo (@greg-szabo)"
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
# Add a new section to a toml file
|
||||
- name: Add comment section
|
||||
tomlconfig:
|
||||
dest: /etc/config.toml
|
||||
json: '{ "comment": { "comment1": "mycomment" } }'
|
||||
|
||||
# Rewrite a toml file with the configuration
|
||||
- name: Create or overwrite config.toml
|
||||
tomlconfig:
|
||||
dest: /etc/config.toml
|
||||
json: '{ "regedit": { "freshfile": true } }'
|
||||
merge: no
|
||||
create: yes
|
||||
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
changed:
|
||||
description: True if the configuration changed.
|
||||
type: bool
|
||||
msg:
|
||||
description: Description of the change
|
||||
type: str
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.six import b
|
||||
from ansible.module_utils._text import to_bytes, to_native
|
||||
import tempfile
|
||||
import toml as pytoml
|
||||
import json
|
||||
import copy
|
||||
import os
|
||||
|
||||
def write_changes(module, b_lines, dest):
|
||||
|
||||
tmpfd, tmpfile = tempfile.mkstemp()
|
||||
f = os.fdopen(tmpfd, 'wb')
|
||||
f.writelines(b_lines)
|
||||
f.close()
|
||||
|
||||
validate = module.params.get('validate', None)
|
||||
valid = not validate
|
||||
if validate:
|
||||
if "%s" not in validate:
|
||||
module.fail_json(msg="validate must contain %%s: %s" % (validate))
|
||||
(rc, out, err) = module.run_command(to_bytes(validate % tmpfile, errors='surrogate_or_strict'))
|
||||
valid = rc == 0
|
||||
if rc != 0:
|
||||
module.fail_json(msg='failed to validate: '
|
||||
'rc:%s error:%s' % (rc, err))
|
||||
if valid:
|
||||
module.atomic_move(tmpfile,
|
||||
to_native(os.path.realpath(to_bytes(dest, errors='surrogate_or_strict')), errors='surrogate_or_strict'),
|
||||
unsafe_writes=module.params['unsafe_writes'])
|
||||
|
||||
|
||||
def check_file_attrs(module, changed, message, diff):
|
||||
|
||||
file_args = module.load_file_common_arguments(module.params)
|
||||
if module.set_fs_attributes_if_different(file_args, False, diff=diff):
|
||||
|
||||
if changed:
|
||||
message += " and "
|
||||
changed = True
|
||||
message += "ownership, perms or SE linux context changed"
|
||||
|
||||
return message, changed
|
||||
|
||||
|
||||
#Merge dict d2 into dict d1 and return a new object
|
||||
def deepmerge(d1, d2):
|
||||
if d1 is None:
|
||||
return copy.deepcopy(d2)
|
||||
if d2 is None:
|
||||
return copy.deepcopy(d1)
|
||||
if d1 == d2:
|
||||
return copy.deepcopy(d1)
|
||||
if isinstance(d1, dict) and isinstance(d2, dict):
|
||||
result={}
|
||||
for key in set(d1.keys()+d2.keys()):
|
||||
da = db = None
|
||||
if key in d1:
|
||||
da = d1[key]
|
||||
if key in d2:
|
||||
db = d2[key]
|
||||
result[key] = deepmerge(da, db)
|
||||
return result
|
||||
else:
|
||||
return copy.deepcopy(d2)
|
||||
|
||||
|
||||
#Remove dict d2 from dict d1 and return a new object
|
||||
def deepdiff(d1, d2):
|
||||
if d1 is None or d2 is None:
|
||||
return None
|
||||
if d1 == d2:
|
||||
return None
|
||||
if isinstance(d1, dict) and isinstance(d2, dict):
|
||||
result = {}
|
||||
for key in d1.keys():
|
||||
if key in d2:
|
||||
dd = deepdiff(d1[key],d2[key])
|
||||
if dd is not None:
|
||||
result[key] = dd
|
||||
else:
|
||||
result[key] = d1[key]
|
||||
return result
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def present(module, dest, conf, jsonbool, merge, create, backup):
|
||||
|
||||
diff = {'before': '',
|
||||
'after': '',
|
||||
'before_header': '%s (content)' % dest,
|
||||
'after_header': '%s (content)' % dest}
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
if not os.path.exists(b_dest):
|
||||
if not create:
|
||||
module.fail_json(rc=257, msg='Destination %s does not exist !' % dest)
|
||||
b_destpath = os.path.dirname(b_dest)
|
||||
if not os.path.exists(b_destpath) and not module.check_mode:
|
||||
os.makedirs(b_destpath)
|
||||
b_lines = []
|
||||
else:
|
||||
f = open(b_dest, 'rb')
|
||||
b_lines = f.readlines()
|
||||
f.close()
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
|
||||
if module._diff:
|
||||
diff['before'] = lines
|
||||
|
||||
b_conf = to_bytes(conf, errors='surrogate_or_strict')
|
||||
|
||||
tomlconfig = pytoml.loads(lines)
|
||||
config = {}
|
||||
if jsonbool:
|
||||
config = eval(b_conf)
|
||||
else:
|
||||
config = pytoml.loads(b_conf)
|
||||
|
||||
if not isinstance(config, dict):
|
||||
if jsonbool:
|
||||
module.fail_json(msg="Invalid value in json parameter: {0}".format(config))
|
||||
else:
|
||||
module.fail_json(msg="Invalid value in toml parameter: {0}".format(config))
|
||||
|
||||
b_lines_new = b_lines
|
||||
msg = ''
|
||||
changed = False
|
||||
|
||||
if not merge:
|
||||
if tomlconfig != config:
|
||||
b_lines_new = to_bytes(pytoml.dumps(config))
|
||||
msg = 'config overwritten'
|
||||
changed = True
|
||||
else:
|
||||
mergedconfig = deepmerge(tomlconfig,config)
|
||||
if tomlconfig != mergedconfig:
|
||||
b_lines_new = to_bytes(pytoml.dumps(mergedconfig))
|
||||
msg = 'config merged'
|
||||
changed = True
|
||||
|
||||
if module._diff:
|
||||
diff['after'] = to_native(b('').join(b_lines_new))
|
||||
|
||||
backupdest = ""
|
||||
if changed and not module.check_mode:
|
||||
if backup and os.path.exists(b_dest):
|
||||
backupdest = module.backup_local(dest)
|
||||
write_changes(module, b_lines_new, dest)
|
||||
|
||||
if module.check_mode and not os.path.exists(b_dest):
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=diff)
|
||||
|
||||
attr_diff = {}
|
||||
msg, changed = check_file_attrs(module, changed, msg, attr_diff)
|
||||
|
||||
attr_diff['before_header'] = '%s (file attributes)' % dest
|
||||
attr_diff['after_header'] = '%s (file attributes)' % dest
|
||||
|
||||
difflist = [diff, attr_diff]
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=difflist)
|
||||
|
||||
|
||||
def absent(module, dest, conf, jsonbool, backup):
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
if not os.path.exists(b_dest):
|
||||
module.exit_json(changed=False, msg="file not present")
|
||||
|
||||
msg = ''
|
||||
diff = {'before': '',
|
||||
'after': '',
|
||||
'before_header': '%s (content)' % dest,
|
||||
'after_header': '%s (content)' % dest}
|
||||
|
||||
f = open(b_dest, 'rb')
|
||||
b_lines = f.readlines()
|
||||
f.close()
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
b_conf = to_bytes(conf, errors='surrogate_or_strict')
|
||||
|
||||
lines = to_native(b('').join(b_lines))
|
||||
tomlconfig = pytoml.loads(lines)
|
||||
config = {}
|
||||
if jsonbool:
|
||||
config = eval(b_conf)
|
||||
else:
|
||||
config = pytoml.loads(b_conf)
|
||||
|
||||
if not isinstance(config, dict):
|
||||
if jsonbool:
|
||||
module.fail_json(msg="Invalid value in json parameter: {0}".format(config))
|
||||
else:
|
||||
module.fail_json(msg="Invalid value in toml parameter: {0}".format(config))
|
||||
|
||||
if module._diff:
|
||||
diff['before'] = to_native(b('').join(b_lines))
|
||||
|
||||
b_lines_new = b_lines
|
||||
msg = ''
|
||||
changed = False
|
||||
|
||||
diffconfig = deepdiff(tomlconfig,config)
|
||||
if diffconfig is None:
|
||||
diffconfig = {}
|
||||
if tomlconfig != diffconfig:
|
||||
b_lines_new = to_bytes(pytoml.dumps(diffconfig))
|
||||
msg = 'config removed'
|
||||
changed = True
|
||||
|
||||
if module._diff:
|
||||
diff['after'] = to_native(b('').join(b_lines_new))
|
||||
|
||||
backupdest = ""
|
||||
if changed and not module.check_mode:
|
||||
if backup:
|
||||
backupdest = module.backup_local(dest)
|
||||
write_changes(module, b_lines_new, dest)
|
||||
|
||||
attr_diff = {}
|
||||
msg, changed = check_file_attrs(module, changed, msg, attr_diff)
|
||||
|
||||
attr_diff['before_header'] = '%s (file attributes)' % dest
|
||||
attr_diff['after_header'] = '%s (file attributes)' % dest
|
||||
|
||||
difflist = [diff, attr_diff]
|
||||
|
||||
module.exit_json(changed=changed, msg=msg, backup=backupdest, diff=difflist)
|
||||
|
||||
|
||||
def main():
|
||||
|
||||
# define the available arguments/parameters that a user can pass to
|
||||
# the module
|
||||
module_args = dict(
|
||||
dest=dict(type='str', required=True),
|
||||
json=dict(default=None),
|
||||
toml=dict(default=None),
|
||||
merge=dict(type='bool', default=True),
|
||||
state=dict(default='present', choices=['absent', 'present']),
|
||||
create=dict(type='bool', default=False),
|
||||
backup=dict(type='bool', default=False),
|
||||
validate=dict(default=None, type='str')
|
||||
)
|
||||
|
||||
# the AnsibleModule object will be our abstraction working with Ansible
|
||||
# this includes instantiation, a couple of common attr would be the
|
||||
# args/params passed to the execution, as well as if the module
|
||||
# supports check mode
|
||||
module = AnsibleModule(
|
||||
argument_spec=module_args,
|
||||
mutually_exclusive=[['json', 'toml']],
|
||||
add_file_common_args=True,
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
||||
params = module.params
|
||||
create = params['create']
|
||||
merge = params['merge']
|
||||
backup = params['backup']
|
||||
dest = params['dest']
|
||||
|
||||
b_dest = to_bytes(dest, errors='surrogate_or_strict')
|
||||
|
||||
if os.path.isdir(b_dest):
|
||||
module.fail_json(rc=256, msg='Destination %s is a directory !' % dest)
|
||||
|
||||
par_json, par_toml, jsonbool = params['json'], params['toml'], False
|
||||
if par_json is None:
|
||||
conf = par_toml
|
||||
else:
|
||||
conf = par_json
|
||||
jsonbool = True
|
||||
|
||||
if params['state'] == 'present':
|
||||
present(module, dest, conf, jsonbool, merge, create, backup)
|
||||
else:
|
||||
absent(module, dest, conf, jsonbool, backup)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Update config.toml with json
|
||||
when: jsonconfig is defined
|
||||
tomlconfig: "dest='{{destination}}' json='{{jsonconfig}}' state={{(remove | default(false) | bool) | ternary('absent','present')}}"
|
||||
|
||||
- name: Update config.toml with toml
|
||||
when: tomlconfig is defined
|
||||
tomlconfig: "dest='{{destination}}' toml='{{tomlconfig}}' state={{(remove | default(false) | bool) | ternary('absent','present')}}"
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
- shell: "ethermint --datadir /etc/ethermint unsafe_reset_all"
|
||||
when: "service == 'ethermint'"
|
||||
become_user: ethermint
|
||||
|
||||
- command: "{{service}} node unsafe_reset_all --home=/etc/{{service}}"
|
||||
become_user: "{{service}}"
|
||||
|
||||
- file: "path=/etc/{{service}}/config/addrbook.json state=absent"
|
||||
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "source" is required
|
||||
#variable "destination" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
gather_facts: no
|
||||
roles:
|
||||
- setfile
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- start
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- status
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- stop
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- tomlconfig
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
#Ubuntu 16.04 is not installing the python package in the standard installation on DigitalOcean. This "patch" will install it so the rest of the ansible playbooks can work properly.
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}:tag_Environment_{{ lookup('env','TF_VAR_TESTNET_NAME') | regex_replace('-','_') }}"
|
||||
roles:
|
||||
- stop
|
||||
- install
|
||||
- unsafe_reset
|
||||
- start
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
|
||||
#variable "service" is required
|
||||
|
||||
- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}"
|
||||
roles:
|
||||
- stop
|
||||
- install
|
||||
- start
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
cluster/networking.tf
|
||||
networking-output.tf
|
||||
|
|
@ -1,111 +0,0 @@
|
|||
Using Terraform
|
||||
===============
|
||||
|
||||
This is a generic `Terraform <https://www.terraform.io/>`__
|
||||
configuration that sets up DigitalOcean droplets. See the
|
||||
`terraform-digitalocean <https://github.com/tendermint/tools/tree/master/terraform-digitalocean>`__
|
||||
for the required files.
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
|
||||
- Install `HashiCorp Terraform <https://www.terraform.io>`__ on a linux
|
||||
machine.
|
||||
- Create a `DigitalOcean API
|
||||
token <https://cloud.digitalocean.com/settings/api/tokens>`__ with
|
||||
read and write capability.
|
||||
- Create a private/public key pair for SSH. This is needed to log onto
|
||||
your droplets as well as by Ansible to connect for configuration
|
||||
changes.
|
||||
- Set up the public SSH key at the `DigitalOcean security
|
||||
page <https://cloud.digitalocean.com/settings/security>`__.
|
||||
`Here <https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-digitalocean-droplets>`__'s
|
||||
a tutorial.
|
||||
- Find out your SSH key ID at DigitalOcean by querying the below
|
||||
command on your linux box:
|
||||
|
||||
::
|
||||
|
||||
DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $DO_API_TOKEN" "https://api.digitalocean.com/v2/account/keys"
|
||||
|
||||
Initialization
|
||||
--------------
|
||||
|
||||
If this is your first time using terraform, you have to initialize it by
|
||||
running the below command. (Note: initialization can be run multiple
|
||||
times)
|
||||
|
||||
::
|
||||
|
||||
terraform init
|
||||
|
||||
After initialization it's good measure to create a new Terraform
|
||||
environment for the droplets so they are always managed together.
|
||||
|
||||
::
|
||||
|
||||
TESTNET_NAME="testnet-servers"
|
||||
terraform env new "$TESTNET_NAME"
|
||||
|
||||
Note this ``terraform env`` command is only available in terraform
|
||||
``v0.9`` and up.
|
||||
|
||||
Execution
|
||||
---------
|
||||
|
||||
The below command will create 4 nodes in DigitalOcean. They will be
|
||||
named ``testnet-servers-node0`` to ``testnet-servers-node3`` and they
|
||||
will be tagged as ``testnet-servers``.
|
||||
|
||||
::
|
||||
|
||||
DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
SSH_IDS="[ \"<The SSH ID received from the curl call above.>\" ]"
|
||||
terraform apply -var TESTNET_NAME="testnet-servers" -var servers=4 -var DO_API_TOKEN="$DO_API_TOKEN" -var ssh_keys="$SSH_IDS"
|
||||
|
||||
Note: ``ssh_keys`` is a list of strings. You can add multiple keys. For
|
||||
example: ``["1234567","9876543"]``.
|
||||
|
||||
Alternatively you can use the default settings. The number of default
|
||||
servers is 4 and the testnet name is ``tf-testnet1``. Variables can also
|
||||
be defined as environment variables instead of the command-line.
|
||||
Environment variables that start with ``TF_VAR_`` will be translated
|
||||
into the Terraform configuration. For example the number of servers can
|
||||
be overriden by setting the ``TF_VAR_servers`` variable.
|
||||
|
||||
::
|
||||
|
||||
TF_VAR_DO_API_TOKEN="<The API token received from DigitalOcean>"
|
||||
TF_VAR_TESTNET_NAME="testnet-servers"
|
||||
terraform-apply
|
||||
|
||||
Security
|
||||
--------
|
||||
|
||||
DigitalOcean uses the root user by default on its droplets. This is fine
|
||||
as long as SSH keys are used. However some people still would like to
|
||||
disable root and use an alternative user to connect to the droplets -
|
||||
then ``sudo`` from there. Terraform can do this but it requires SSH
|
||||
agent running on the machine where terraform is run, with one of the SSH
|
||||
keys of the droplets added to the agent. (This will be neede for ansible
|
||||
too, so it's worth setting it up here. Check out the
|
||||
`ansible <https://github.com/tendermint/tools/tree/master/ansible>`__
|
||||
page for more information.) After setting up the SSH key, run
|
||||
``terraform apply`` with ``-var noroot=true`` to create your droplets.
|
||||
Terraform will create a user called ``ec2-user`` and move the SSH keys
|
||||
over, this way disabling SSH login for root. It also adds the
|
||||
``ec2-user`` to the sudoers file, so after logging in as ec2-user you
|
||||
can ``sudo`` to ``root``.
|
||||
|
||||
DigitalOcean announced firewalls but the current version of Terraform
|
||||
(0.9.8 as of this writing) does not support it yet. Fortunately it is
|
||||
quite easy to set it up through the web interface (and not that bad
|
||||
through the `RESTful
|
||||
API <https://developers.digitalocean.com/documentation/v2/#firewalls>`__
|
||||
either). When adding droplets to a firewall rule, you can add tags. All
|
||||
droplets in a testnet are tagged with the testnet name so it's enough to
|
||||
define the testnet name in the firewall rule. It is not necessary to add
|
||||
the nodes one-by-one. Also, the firewall rule "remembers" the testnet
|
||||
name tag so if you change the servers but keep the name, the firewall
|
||||
rules will still apply.
|
|
@ -1,23 +0,0 @@
|
|||
resource "digitalocean_tag" "cluster" {
|
||||
name = "${var.name}"
|
||||
}
|
||||
|
||||
resource "digitalocean_droplet" "cluster" {
|
||||
name = "${var.name}-node${count.index}"
|
||||
image = "${var.image_id}"
|
||||
size = "${var.instance_size}"
|
||||
region = "${element(var.regions, count.index)}"
|
||||
ssh_keys = "${var.key_ids}"
|
||||
count = "${var.servers}"
|
||||
tags = ["${digitalocean_tag.cluster.id}"]
|
||||
|
||||
lifecycle = {
|
||||
prevent_destroy = false
|
||||
}
|
||||
|
||||
connection {
|
||||
timeout = "30s"
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
// The cluster name
|
||||
output "name" {
|
||||
value = "${var.name}"
|
||||
}
|
||||
|
||||
// The list of cluster instance IDs
|
||||
output "instances" {
|
||||
value = ["${digitalocean_droplet.cluster.*.id}"]
|
||||
}
|
||||
|
||||
// The list of cluster instance private IPs
|
||||
output "private_ips" {
|
||||
value = ["${digitalocean_droplet.cluster.*.ipv4_address_private}"]
|
||||
}
|
||||
|
||||
// The list of cluster instance public IPs
|
||||
output "public_ips" {
|
||||
value = ["${digitalocean_droplet.cluster.*.ipv4_address}"]
|
||||
}
|
||||
|
||||
#// The list of cluster floating IPs
|
||||
#output "floating_ips" {
|
||||
# value = ["${digitalocean_floating_ip.cluster.*.ip_address}"]
|
||||
#}
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
resource "null_resource" "cluster" {
|
||||
count = "${ var.noroot ? var.servers : 0 }"
|
||||
connection {
|
||||
host = "${element(digitalocean_droplet.cluster.*.ipv4_address,count.index)}"
|
||||
}
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"useradd -m -s /bin/bash ec2-user",
|
||||
"echo 'ec2-user ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ec2-user",
|
||||
"cp -r /root/.ssh /home/ec2-user/.ssh",
|
||||
"chown -R ec2-user.ec2-user /home/ec2-user/.ssh",
|
||||
"chmod -R 700 /home/ec2-user/.ssh",
|
||||
"rm -rf /root/.ssh"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
variable "name" {
|
||||
description = "The cluster name, e.g cdn"
|
||||
}
|
||||
|
||||
variable "image_id" {
|
||||
description = "Image ID"
|
||||
default = "ubuntu-16-04-x64"
|
||||
}
|
||||
|
||||
variable "regions" {
|
||||
description = "Regions to launch in"
|
||||
type = "list"
|
||||
default = ["AMS2", "FRA1", "LON1", "NYC3", "SFO2", "SGP1", "TOR1"]
|
||||
}
|
||||
|
||||
variable "key_ids" {
|
||||
description = "SSH keys to use on the nodes"
|
||||
type = "list"
|
||||
}
|
||||
|
||||
variable "instance_size" {
|
||||
description = "The instance size to use"
|
||||
default = "2gb"
|
||||
}
|
||||
|
||||
variable "servers" {
|
||||
description = "Desired instance count"
|
||||
default = 4
|
||||
}
|
||||
|
||||
variable "noroot" {
|
||||
description = "Set this variable to true, if you want SSH keys set for ec2-user instead of root."
|
||||
default = false
|
||||
}
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
#Terraform Configuration
|
||||
|
||||
variable "DO_API_TOKEN" {
|
||||
description = "DigitalOcean Access Token"
|
||||
}
|
||||
|
||||
variable "TESTNET_NAME" {
|
||||
description = "Name of the cluster/testnet"
|
||||
default = "tf-testnet1"
|
||||
}
|
||||
|
||||
variable "ssh_keys" {
|
||||
description = "SSH keys provided in DigitalOcean to be used on the nodes"
|
||||
# curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $DO_API_TOKEN" "https://api.digitalocean.com/v2/account/keys"
|
||||
default = [
|
||||
"6259615",
|
||||
"7658963",
|
||||
"7668263",
|
||||
"7668264",
|
||||
"8036767",
|
||||
"8163311",
|
||||
"9495227",
|
||||
"10318834",
|
||||
"11435493"
|
||||
]
|
||||
}
|
||||
|
||||
variable "servers" {
|
||||
description = "Number of nodes in cluster"
|
||||
default = "4"
|
||||
}
|
||||
|
||||
variable "image" {
|
||||
description = "DigitalOcean image name"
|
||||
default = "ubuntu-16-04-x64"
|
||||
}
|
||||
|
||||
variable "noroot" {
|
||||
description = "Set this variable to true, if you want SSH keys set for ec2-user instead of root."
|
||||
default = false
|
||||
}
|
||||
|
||||
provider "digitalocean" {
|
||||
token = "${var.DO_API_TOKEN}"
|
||||
}
|
||||
|
||||
module "cluster" {
|
||||
source = "./cluster"
|
||||
name = "${var.TESTNET_NAME}"
|
||||
key_ids = "${var.ssh_keys}"
|
||||
servers = "${var.servers}"
|
||||
noroot = "${var.noroot}"
|
||||
image_id = "${var.image}"
|
||||
}
|
||||
|
||||
|
||||
output "public_ips" {
|
||||
value = "${module.cluster.public_ips}"
|
||||
}
|
||||
|
||||
#output "floating_ips" {
|
||||
# value = "${module.cluster.floating_ips}"
|
||||
#}
|
||||
|
Loading…
Reference in New Issue