add initial playbooks

ansible/bootstrap.yml

@@ -0,0 +1,21 @@
+---
+#
+# This playbook configures most basic things about the hosts:
+#
+# - Admin and Additional users
+# - Disables root login
+# - Installs Common packages
+# - Starts Consul client agent
+#
+# This is run on every newly provisioned host.
+#
+- name: Bootstrap Python support for Ansible
+  gather_facts: False
+  hosts: all
+  roles:
+    - infra-role-bootstrap/raw
+
+- name: Bootstrap admin users and Consul
+  hosts: all
+  roles:
+    - infra-role-bootstrap

ansible/clean_les.yml

@@ -0,0 +1,23 @@
+- name: Configure LES Geth nodes
+  hosts:
+    - les-main
+    - les-rops
+  gather_facts: false
+  tasks:
+    - name: Stop LES container
+      docker_container:
+        name: les-geth-full
+        state: stopped
+
+    - name: Clear LES data
+      file:
+        path: '/data/{{ item }}'
+        state: absent
+      with_items:
+        - geth
+        - geth.ipc
+
+    - name: Start LES container
+      docker_container:
+        name: les-geth-full
+        state: started

ansible/cleanup.yml

@@ -0,0 +1,42 @@
+- name: Cleanup to regain disk space
+  hosts: all
+  tasks:
+    - name: Save available space
+      set_fact:
+        free_before: '{{ ansible_mounts | selectattr("mount", "equalto", "/") | map(attribute="size_available") | first }}'
+
+    - name: Clean apt packages
+      apt:
+        autoremove: true
+        purge: true
+
+    - name: Uninstall snapd
+      apt:
+        name: snapd
+        state: absent
+
+    - name: Remove snapd files
+      file:
+        path: '/var/lib/snapd'
+        state: absent
+
+    - name: Remove logs older than 1 day
+      command: journalctl --vacuum-time=1d
+
+    - name: Remove log gzipped archives
+      shell: 'rm -f /var/log/*.gz /var/log/docker/*/*.gz'
+
+    - name: Remove old backups
+      shell: 'rm -f /var/tmp/backups/*/*'
+
+    - name: Gather space info
+      setup:
+        gather_subset: 'hardware'
+
+    - name: Save available space
+      set_fact:
+        free_after: '{{ ansible_mounts | selectattr("mount", "equalto", "/") | map(attribute="size_available") | first }}'
+
+    - name: Show space recovered
+      debug:
+        msg: '~ {{ ((free_after|int - free_before|int)/(1024*1024)) | round | int }} MB'

ansible/group_vars/all.yml

@@ -0,0 +1,9 @@
+---
+# general container config
+cont_state: started
+cont_recreate: false
+cont_restart: false
+
+# OAuth2 provided by Google
+oauth2_proxy_port: 8090
+oauth2_proxy_image: 'statusteam/oauth2-proxy:2.2.0'

ansible/group_vars/les-main.yml

@@ -0,0 +1,3 @@
+---
+# Run les-main.misc fleet on Mainnet
+geth_network: 1

ansible/group_vars/les-rops.yml

@@ -0,0 +1,3 @@
+---
+# Run les-rops.misc fleet on Ropsten
+geth_network: 3

ansible/main.yml

@@ -0,0 +1,7 @@
+---
+- name: Configure LES Geth nodes
+  hosts:
+    - les-main
+    - les-rops
+  roles:
+    - les-geth-full

ansible/requirements.yml

@@ -0,0 +1,7 @@
+- name: infra-role-bootstrap
+  src: git@github.com:status-im/infra-role-bootstrap.git
+  scm: git
+
+- name: consul-service
+  src: git@github.com:status-im/infra-role-consul-service.git
+  scm: git

ansible/terraform.py

@@ -0,0 +1,113 @@
+#! /usr/bin/env python2
+
+import json
+import os
+import re
+import subprocess
+import sys
+
+TERRAFORM_PATH = os.environ.get('ANSIBLE_TF_BIN', 'terraform')
+TERRAFORM_DIR = os.environ.get('ANSIBLE_TF_DIR', os.getcwd())
+
+def _extract_dict(attrs, key):
+    out = {}
+    for k in attrs.keys():
+        match = re.match(r"^" + key + r"\.(.*)", k)
+        if not match or match.group(1) == "%":
+            continue
+
+        out[match.group(1)] = attrs[k]
+    return out
+
+def _extract_list(attrs, key):
+    out = []
+
+    length_key = key + ".#"
+    if length_key not in attrs.keys():
+        return []
+
+    length = int(attrs[length_key])
+    if length < 1:
+        return []
+
+    for i in range(0, length):
+        out.append(attrs["{}.{}".format(key, i)])
+
+    return out
+
+def _init_group(children=None, hosts=None, vars=None):
+    return {
+        "hosts": [] if hosts is None else hosts,
+        "vars": {} if vars is None else vars,
+        "children": [] if children is None else children
+    }
+
+def _add_host(inventory, hostname, groups, host_vars):
+    inventory["_meta"]["hostvars"][hostname] = host_vars
+    for group in groups:
+        if group not in inventory.keys():
+            inventory[group] = _init_group(hosts=[hostname])
+        elif hostname not in inventory[group]:
+            inventory[group]["hosts"].append(hostname)
+
+def _add_group(inventory, group_name, children, group_vars):
+    if group_name not in inventory.keys():
+        inventory[group_name] = _init_group(children=children, vars=group_vars)
+    else:
+        # Start out with support for only one "group" with a given name
+        # If there's a second group by the name, last in wins
+        inventory[group_name]["children"] = children
+        inventory[group_name]["vars"] = group_vars
+
+def _init_inventory():
+    return {
+        "all": _init_group(),
+        "_meta": {
+            "hostvars": {}
+        }
+    }
+
+def _handle_host(attrs, inventory):
+    host_vars = _extract_dict(attrs, "vars")
+    groups = _extract_list(attrs, "groups")
+    hostname = attrs["inventory_hostname"]
+
+    if "all" not in groups:
+        groups.append("all")
+
+    _add_host(inventory, hostname, groups, host_vars)
+
+def _handle_group(attrs, inventory):
+    group_vars = _extract_dict(attrs, "vars")
+    children = _extract_list(attrs, "children")
+    group_name = attrs["inventory_group_name"]
+
+    _add_group(inventory, group_name, children, group_vars)
+
+def _walk_state(tfstate, inventory):
+    for module in tfstate["modules"]:
+        for resource in module["resources"].values():
+            if not resource["type"].startswith("ansible_"):
+                continue
+
+            attrs = resource["primary"]["attributes"]
+
+            if resource["type"] == "ansible_host":
+                _handle_host(attrs, inventory)
+            if resource["type"] == "ansible_group":
+                _handle_group(attrs, inventory)
+
+    return inventory
+
+def _main():
+    try:
+        tf_command = [TERRAFORM_PATH, 'state', 'pull', '-input=false']
+        proc = subprocess.Popen(tf_command, cwd=TERRAFORM_DIR, stdout=subprocess.PIPE)
+        tfstate = json.load(proc.stdout)
+        inventory = _walk_state(tfstate, _init_inventory())
+        sys.stdout.write(json.dumps(inventory, indent=2))
+    except:
+        sys.exit(1)
+
+if __name__ == '__main__':
+    _main()

ansible/upgrade.yml

@@ -0,0 +1,12 @@
+- name: Update and upgrade apt packages
+  gather_facts: false
+  hosts: all
+  tasks:
+    - name: Upgrade packages
+      apt:
+        upgrade: yes
+        update_cache: yes
+        cache_valid_time: 86400 #One day
+    - name: Remove unused packages
+      apt:
+        autoremove: yes