mirror of https://github.com/poanetwork/gecko.git
parent
777afed793
commit
74588da411
|
@ -1,3 +0,0 @@
|
||||||
staking_tls_key_file: "{{ repo_folder }}/keys/staker.key"
|
|
||||||
staking_tls_csr_file: "{{ repo_folder }}/keys/staker.csr"
|
|
||||||
staking_tls_cert_file: "{{ repo_folder }}/keys/staker.crt"
|
|
|
@ -1,31 +0,0 @@
|
||||||
- name: Create staker key
|
|
||||||
openssl_privatekey:
|
|
||||||
path: "{{ staking_tls_key_file }}"
|
|
||||||
type: RSA
|
|
||||||
size: 4096
|
|
||||||
|
|
||||||
- name: Create staker certificate request
|
|
||||||
openssl_csr:
|
|
||||||
path: "{{ staking_tls_csr_file }}"
|
|
||||||
C: US
|
|
||||||
ST: NY
|
|
||||||
O: Avalabs
|
|
||||||
CN: ava
|
|
||||||
privatekey_path: "{{ staking_tls_key_file }}"
|
|
||||||
digest: sha256
|
|
||||||
# genStaker.sh doesn't include a subjectAltName in the signing request.
|
|
||||||
# If subject_alt_name isn't specified, then Ansible defaults to using
|
|
||||||
# the CN as the SAN.
|
|
||||||
use_common_name_for_san: false
|
|
||||||
|
|
||||||
# genStaker.sh generates a certificate valid for 365250 days (1000 years).
|
|
||||||
# That duration is not replicated here, because specifying a relative
|
|
||||||
# time to ownca_not_after would make this task non-idempotent.
|
|
||||||
- name: Create staker certificate
|
|
||||||
openssl_certificate:
|
|
||||||
path: "{{ staking_tls_cert_file }}"
|
|
||||||
csr_path: "{{ staking_tls_csr_file }}"
|
|
||||||
ownca_path: "{{ repo_folder }}/keys/rootCA.crt"
|
|
||||||
ownca_privatekey_path: "{{ repo_folder }}/keys/rootCA.key"
|
|
||||||
ownca_digest: sha256
|
|
||||||
provider: ownca
|
|
|
@ -1,6 +1,8 @@
|
||||||
ava_daemon_bin_dir: "/usr/bin"
|
ava_daemon_bin_dir: "/usr/bin"
|
||||||
ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
|
ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
|
||||||
ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
|
ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
|
||||||
ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
|
|
||||||
ava_daemon_log_dir: "/var/log/ava"
|
ava_daemon_log_dir: "/var/log/ava"
|
||||||
ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
|
ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
|
||||||
|
ava_daemon_staking_dir: "{{ ava_daemon_data_dir }}/staking"
|
||||||
|
ava_daemon_staking_tls_cert: "{{ ava_daemon_staking_dir }}/staker.crt"
|
||||||
|
ava_daemon_staking_tls_key: "{{ ava_daemon_staking_dir }}/staker.key"
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
loop:
|
loop:
|
||||||
- path: "{{ ava_daemon_data_dir }}"
|
- path: "{{ ava_daemon_data_dir }}"
|
||||||
mode: u=rwX,go=rX
|
mode: u=rwX,go=rX
|
||||||
- path: "{{ ava_daemon_keys_dir }}"
|
- path: "{{ ava_daemon_staking_dir }}"
|
||||||
mode: u=rX,go=
|
mode: u=rX,go=
|
||||||
- path: "{{ ava_daemon_log_dir }}"
|
- path: "{{ ava_daemon_log_dir }}"
|
||||||
mode: u=rwX,go=rX
|
mode: u=rwX,go=rX
|
||||||
|
@ -49,20 +49,3 @@
|
||||||
- path: "{{ repo_folder }}/build/plugins/evm"
|
- path: "{{ repo_folder }}/build/plugins/evm"
|
||||||
notify:
|
notify:
|
||||||
- Restart AVA service
|
- Restart AVA service
|
||||||
|
|
||||||
- name: Install staking files
|
|
||||||
become: true
|
|
||||||
copy:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ ava_daemon_keys_dir }}"
|
|
||||||
owner: "{{ ava_daemon_user }}"
|
|
||||||
group: "{{ ava_daemon_group }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
remote_src: true
|
|
||||||
loop:
|
|
||||||
- src: "{{ staking_tls_key_file }}"
|
|
||||||
mode: u=r,go=
|
|
||||||
- src: "{{ staking_tls_cert_file }}"
|
|
||||||
mode: ugo=r
|
|
||||||
notify:
|
|
||||||
- Restart AVA service
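Review bot: The staking directory entry in the first hunk's `loop:` keeps `mode: u=rX,go=`, which leaves the owner without a write bit, while the second hunk removes the root-run `Install staking files` copy task that used to place the key and certificate. Nothing visible on this page now provisions `staker.key` or `staker.crt` under `ava_daemon_staking_dir`, although the service template passes those paths as `--staking-tls-cert-file` and `--staking-tls-key-file`. If the daemon is expected to create the pair on first start (an assumption, since its behaviour is not shown here) and the directory is owned by the daemon user, it could not write into its own directory. Either change the entry to `mode: u=rwX,go=` or keep a task that installs the pair with `u=r,go=` on the key; `go=` should stay in both cases so the private key is not reachable by other accounts. The task that owns this `loop:` starts outside the hunk, so its `owner` and `state` should be confirmed before changing the mode.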
|
|
||||||
|
|
|
@ -17,7 +17,9 @@ ExecStart={{ ava_daemon_bin_dir }}/ava \
|
||||||
--db-dir="{{ ava_daemon_db_dir }}" \
|
--db-dir="{{ ava_daemon_db_dir }}" \
|
||||||
--plugin-dir="{{ ava_daemon_plugin_dir }}" \
|
--plugin-dir="{{ ava_daemon_plugin_dir }}" \
|
||||||
--log-dir="{{ ava_daemon_log_dir }}" \
|
--log-dir="{{ ava_daemon_log_dir }}" \
|
||||||
--log-level="{{ log_level }}"
|
--log-level="{{ log_level }}" \
|
||||||
|
--staking-tls-cert-file="{{ ava_daemon_staking_tls_cert }}" \
|
||||||
|
--staking-tls-key-file="{{ ava_daemon_staking_tls_key }}"
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
- name: ava-base
|
- name: ava-base
|
||||||
- name: gopath
|
- name: gopath
|
||||||
- name: ava-build
|
- name: ava-build
|
||||||
- name: ava-certs
|
|
||||||
- name: ava-user
|
- name: ava-user
|
||||||
- name: ava-install
|
- name: ava-install
|
||||||
- name: ava-service
|
- name: ava-service
|
||||||
|
|