From 7c8a33eb1bb880b7c1f47c297a7b95538bec0113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Tue, 19 Mar 2019 12:08:13 +0100
Subject: [PATCH] add initial faucet role
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
ansible/roles/faucet/README.md | 12 ++++++++
ansible/roles/faucet/defaults/main.yml | 28 +++++++++++++++++
ansible/roles/faucet/handlers/main.yml | 6 ++++
ansible/roles/faucet/tasks/consul.yml | 14 +++++++++
ansible/roles/faucet/tasks/faucet.yml | 16 ++++++++++
ansible/roles/faucet/tasks/firewall.yml | 12 ++++++++
ansible/roles/faucet/tasks/geth.yml | 30 +++++++++++++++++++
ansible/roles/faucet/tasks/main.yml | 6 ++++
ansible/roles/faucet/tasks/proxy.yml | 13 ++++++++
.../faucet/templates/faucet-proxy.conf.j2 | 18 +++++++++++
10 files changed, 155 insertions(+)
create mode 100644 ansible/roles/faucet/README.md
create mode 100644 ansible/roles/faucet/defaults/main.yml
create mode 100644 ansible/roles/faucet/handlers/main.yml
create mode 100644 ansible/roles/faucet/tasks/consul.yml
create mode 100644 ansible/roles/faucet/tasks/faucet.yml
create mode 100644 ansible/roles/faucet/tasks/firewall.yml
create mode 100644 ansible/roles/faucet/tasks/geth.yml
create mode 100644 ansible/roles/faucet/tasks/main.yml
create mode 100644 ansible/roles/faucet/tasks/proxy.yml
create mode 100644 ansible/roles/faucet/templates/faucet-proxy.conf.j2
diff --git a/ansible/roles/faucet/README.md b/ansible/roles/faucet/README.md
new file mode 100644
index 0000000..c85935b
--- /dev/null
+++ b/ansible/roles/faucet/README.md
@@ -0,0 +1,12 @@
+# Description
+
+This role configures the [faucet](https://github.com/status-im/faucet) service which provides a REST API for receiving funds from our Ropsten and Rinkeby miner cluster.
+
+# Configuration
+
+The only required settings are:
+```yaml
+faucet_account_pass: 'very-secret-password'
+faucet_network: 'rinkeby-faucet.example.org'
+faucet_domain: 'rinkeby'
+```
diff --git a/ansible/roles/faucet/defaults/main.yml b/ansible/roles/faucet/defaults/main.yml
new file mode 100644
index 0000000..8ce8d6f
--- /dev/null
+++ b/ansible/roles/faucet/defaults/main.yml
@@ -0,0 +1,28 @@
+---
+# map of network IDs
+miner_network_ids:
+ frontier: 1
+ morden: 2
+ ropsten: 3
+ rinkeby: 4
+
+faucet_account_pass: ~
+faucet_domain: ~
+faucet_network: ~
+faucet_network_id: '{{ faucet_network_ids[faucet_network] | mandatory }}'
+
+faucet_cont_tag: 'latest'
+faucet_cont_image: 'statusteam/faucet:{{ miner_cont_tag }}'
+faucet_cont_name: 'faucet-api'
+faucet_http_port: 3001
+
+faucet_geth_tag: 'v1.8.23'
+faucet_geth_image: 'ethereum/client-go:{{ faucet_geth_tag }}'
+faucet_geth_name: 'faucet-geth'
+faucet_geth_vol: '/docker/{{ faucet_geth_name }}'
+faucet_geth_rpc_port: 8454
+
+# generic container settings
+cont_state: started
+cont_recreate: false
+cont_restart: false
diff --git a/ansible/roles/faucet/handlers/main.yml b/ansible/roles/faucet/handlers/main.yml
new file mode 100644
index 0000000..bb5d7e5
--- /dev/null
+++ b/ansible/roles/faucet/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Save iptables rules
+ shell: iptables-save > /etc/iptables/rules.v4
+
+- name: reload nginx
+ service: name=nginx state=reloaded
diff --git a/ansible/roles/faucet/tasks/consul.yml b/ansible/roles/faucet/tasks/consul.yml
new file mode 100644
index 0000000..dccb3c4
--- /dev/null
+++ b/ansible/roles/faucet/tasks/consul.yml
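Review bot: Two lookups in defaults/main.yml reference names this file never defines: `faucet_network_id` indexes `faucet_network_ids` while the map above it is called `miner_network_ids`, and `faucet_cont_image` interpolates `miner_cont_tag` while the tag is defined as `faucet_cont_tag`. Unless another role supplies those names, both templates fail or pick up another role's values; rename the map to `faucet_network_ids:` and use `'statusteam/faucet:{{ faucet_cont_tag }}'`. The `~` defaults for `faucet_account_pass`, `faucet_domain` and `faucet_network` also weaken the `| mandatory` guards used later in the patch, because `mandatory` rejects only undefined variables and a null default counts as defined; leaving the three keys out of defaults restores the guard. `faucet_cont_tag: 'latest'` together with `pull: true` in tasks/faucet.yml lets each run deploy an unreviewed image, so a pinned tag or digest is safer for a service that holds an account password.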
@@ -0,0 +1,14 @@
+---
+- name: 'Consul service definition - {{ faucet_cont_name }}'
+ include_role: name=consul-service
+ vars:
+ consul_config_name: '{{ faucet_cont_name | replace("-", "_") }}'
+ consul_services:
+ - id: '{{ faucet_cont_name }}'
+ name: '{{ faucet_cont_name }}'
+ port: '{{ faucet_http_port }}'
+ tags: ['{{ env }}.{{ stage }}', 'faucet']
+ checks:
+ - id: faucet-http-health
+ type: http
+ script: 'http://127.0.0.1:{{ faucet_http_port }}/faucet-info'
diff --git a/ansible/roles/faucet/tasks/faucet.yml b/ansible/roles/faucet/tasks/faucet.yml
new file mode 100644
index 0000000..a48fda9
--- /dev/null
+++ b/ansible/roles/faucet/tasks/faucet.yml
@@ -0,0 +1,16 @@
+---
+- name: Create faucet container
+ docker_container:
+ name: '{{ faucet_cont_name }}'
+ image: '{{ faucet_cont_image }}'
+ user: root
+ pull: true
+ restart_policy: always
+ state: '{{ cont_state }}'
+ recreate: '{{ cont_recreate }}'
+ restart: '{{ cont_restart }}'
+ ports:
+ - '127.0.0.1:{{ faucet_http_port | mandatory }}:{{ faucet_http_port }}'
+ command: |
+ -network={{ faucet_network | mandatory }}
+ -acc_pass={{ faucet_account_pass | mandatory }}
diff --git a/ansible/roles/faucet/tasks/firewall.yml b/ansible/roles/faucet/tasks/firewall.yml
new file mode 100644
index 0000000..bda6dc7
--- /dev/null
+++ b/ansible/roles/faucet/tasks/firewall.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable faucet HTTP port
+ iptables:
+ comment: 'Enable faucet'
+ action: insert
+ chain: DOCKER-USER
+ jump: ACCEPT
+ source: '0.0.0.0/0'
+ protocol: tcp
+ destination_port: '{{ faucet_http_port }}'
+ notify:
+ - Save iptables rules
diff --git a/ansible/roles/faucet/tasks/geth.yml b/ansible/roles/faucet/tasks/geth.yml
new file mode 100644
index 0000000..fad07f6
--- /dev/null
+++ b/ansible/roles/faucet/tasks/geth.yml
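Review bot: `-acc_pass={{ faucet_account_pass | mandatory }}` in tasks/faucet.yml puts the account password on the container's command line, where it is readable through `docker inspect`, the host process list and Ansible's task output. At minimum add `no_log: true` to the task; if the faucet image can read the password from a file or an environment variable (not visible in this patch), a mounted secret with restrictive permissions is preferable. `user: root` is also set without a stated reason, so confirm the image needs it or run it as an unprivileged user.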
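Review bot: The rule in tasks/firewall.yml accepts `faucet_http_port` from `0.0.0.0/0` in `DOCKER-USER`, while tasks/faucet.yml publishes that port on `127.0.0.1` only and nginx is the intended entry point. As written the rule looks unnecessary, and it would allow direct access to the plain-HTTP API if the port binding is ever widened. Consider dropping the task or restricting `source` to the addresses that need direct access, and add a comment above the task stating why the rule exists.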
@@ -0,0 +1,30 @@
+---
+- name: Create container folders
+ file:
+ path: '{{ miner_geth_vol }}/data'
+ state: directory
+ mode: 0750
+ owner: dockremap
+ group: docker
+
+- name: Create faucet container
+ docker_container:
+ name: '{{ faucet_cont_name }}'
+ image: '{{ faucet_cont_image }}'
+ user: root
+ pull: true
+ restart_policy: always
+ state: '{{ cont_state }}'
+ recreate: '{{ cont_recreate }}'
+ restart: '{{ cont_restart }}'
+ command: |
+ --datadir=/data
+ --networkid={{ faucet_network_id | mandatory }}
+ --syncmode=light
+ --rpc
+ --rpcapi=eth
+ --rpcaddr=0.0.0.0
+ --rpcport={{ faucet_geth_rpc_port }}
+ --v5disc
+ volumes:
+ - '{{ miner_geth_vol }}/data:/date'
diff --git a/ansible/roles/faucet/tasks/main.yml b/ansible/roles/faucet/tasks/main.yml
new file mode 100644
index 0000000..f013138
--- /dev/null
+++ b/ansible/roles/faucet/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: geth.yml
+- import_tasks: faucet.yml
+- import_tasks: proxy.yml
+- import_tasks: firewall.yml
+- import_tasks: consul.yml
diff --git a/ansible/roles/faucet/tasks/proxy.yml b/ansible/roles/faucet/tasks/proxy.yml
new file mode 100644
index 0000000..6ee3cc9
--- /dev/null
+++ b/ansible/roles/faucet/tasks/proxy.yml
@@ -0,0 +1,13 @@
+---
+- name: 'Template proxy config: {{ faucet_cont_name }}'
+ template:
+ src: faucet-proxy.conf.j2
+ dest: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+ notify: reload nginx
+
+- name: 'Symlink proxy config: {{ faucet_cont_name }}'
+ file:
+ src: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+ dest: '/etc/nginx/sites-enabled/{{ faucet_cont_name }}.conf'
+ state: link
+ notify: reload nginx
diff --git a/ansible/roles/faucet/templates/faucet-proxy.conf.j2 b/ansible/roles/faucet/templates/faucet-proxy.conf.j2
new file mode 100644
index 0000000..6c78c4b
--- /dev/null
+++ b/ansible/roles/faucet/templates/faucet-proxy.conf.j2
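Review bot: The second task in tasks/geth.yml reuses `faucet_cont_name` and `faucet_cont_image`, so it appears to manage the same container as tasks/faucet.yml rather than a geth node; the `faucet_geth_name`, `faucet_geth_image` and `faucet_geth_vol` defaults added in this patch are never used. The directory and volume use `miner_geth_vol`, which this role does not define, and the volume is mounted at `/date` while geth runs with `--datadir=/data`, so chain data would be written inside the container instead of the host directory. The task also runs as `user: root` with `--rpcaddr=0.0.0.0`; no port is published here, but a comment recording that the RPC endpoint must stay unpublished would help. The lines below are the proposed change, assuming the `faucet_geth_*` defaults were the intent.

```yaml
- name: Create container folders
  file:
    path: '{{ faucet_geth_vol }}/data'
    # … unchanged: state, mode, owner, group …

- name: Create geth container
  docker_container:
    name: '{{ faucet_geth_name }}'
    image: '{{ faucet_geth_image }}'
    # … unchanged: user, pull, restart policy, state flags, command …
    volumes:
      - '{{ faucet_geth_vol }}/data:/data'
```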
@@ -0,0 +1,18 @@
+server {
+ listen 80;
+ server_name {{ faucet_domain | mandatory }};
+ return 302 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+
+ server_name {{ faucet_domain | mandatory }};
+
+ ssl_certificate /certs/origin.crt;
+ ssl_certificate_key /certs/origin.key;
+
+ location / {
+ proxy_pass http://127.0.0.1:{{ faucet_http_port }}/;
+ }
+}
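Review bot: The `location /` block forwards requests without any client-address header, so the faucet sees every request as coming from 127.0.0.1; if it limits payouts or logs by client address (not visible in this patch), that control would not work behind this proxy. Add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` inside the block. The TLS server also relies on nginx defaults for protocol versions and applies no request limiting to an endpoint that dispenses funds, so an explicit `ssl_protocols` line and a `limit_req` zone are worth considering.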