add les-node playbook

ansible/roles/les-node/defaults/main.yml

@@ -0,0 +1,28 @@
+---
+geth_image: 'ethereum/client-go:v1.8.17'
+geth_name: 'les-geth-full'
+
+# container beaviour
+cont_state: started
+cont_restart: false
+cont_recreate: false
+
+geth_vol: '/docker/{{ geth_name }}'
+geth_keys: '{{ geth_vol }}/keys'
+# RPC port of administration
+geth_rpc_port: 8545
+# 1=Frontier, 2=Morden (disused), 3=Ropsten, 4=Rinkeby
+geth_network: 3
+# Maximum percentage of time allowed for serving LES requests (0-90)
+geth_light_serv: 90
+# Maximum number of LES client peers (default: 100)
+geth_light_peers: 200
+# Port to listen on
+geth_port: 30303
+# Memory to use
+geth_cache: 1536
+
+# resources limits to avoid killing the host
+cont_mem_ratio: 0.7
+cont_mem_limit: '{{ (ansible_memtotal_mb * cont_mem_ratio|float) | int }}'
+cont_swap_limit: '{{ (cont_mem_limit|int) + (ansible_swaptotal_mb * cont_mem_ratio|float) | int }}'

ansible/roles/les-node/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Save iptables rules
+  shell: iptables-save > /etc/iptables/rules.v4

ansible/roles/les-node/tasks/consul.yml

@@ -0,0 +1,36 @@
+---
+- name: Wait for LES RPC port to go up
+  wait_for:
+    host: 'localhost'
+    port: '{{ geth_rpc_port }}'
+    delay: 5
+    state: drained
+
+- name: Get enode address
+  uri:
+    url: http://localhost:{{ geth_rpc_port }}/
+    method: POST
+    body: '{"id": 1, "method": "admin_nodeInfo"}'
+    body_format: json
+    return_content: yes
+  register: node_info
+
+- name: Create Consul service definition
+  include_role: name=consul-service
+  vars:
+    consul_config_name: '{{ geth_name }}'
+    consul_services:
+      - name: '{{ geth_name }}'
+        tags: ['les', 'geth']
+        # we advertise the port with basic auth
+        port: '{{ geth_port }}'
+        meta:
+          env: '{{ env }}'
+          stage: '{{ stage }}'
+          node_addr: '{{ node_info.json.result.id }}'
+          node_enode: '{{ node_info.json.result.enode }}'
+        checks:
+          - id: '{{ geth_name }}-status'
+            name: LES Geth Health
+            type: tcp
+            tcp: 'localhost:{{ geth_port }}'

ansible/roles/les-node/tasks/container.yml

@@ -0,0 +1,34 @@
+---
+- name: Run Geth container
+  docker_container:
+    name: '{{ geth_name }}'
+    image: '{{ geth_image }}'
+    user: root
+    pull: true
+    restart_policy: always
+    state: '{{ cont_state }}'
+    recreate: '{{ cont_recreate }}'
+    restart: '{{ cont_restart }}'
+    # some limits due to statusd hogging resources
+    memory: '{{ cont_mem_limit }}m'
+    memory_swap: '{{ cont_swap_limit }}m'
+    ports:
+      - '{{ geth_port }}:{{ geth_port }}'
+      - '127.0.0.1:{{ geth_rpc_port }}:{{ geth_rpc_port }}'
+    command: |
+      --testnet
+      --networkid={{ geth_network }}
+      --cache={{ geth_cache }}
+      --port={{ geth_port }}
+      --lightserv={{ geth_light_serv }}
+      --lightpeers={{ geth_light_peers }}
+      --datadir=/data
+      --keystore=/keys
+      --nat=extip:{{ ansible_host }}
+      --rpc --rpcapi=eth,admin
+      --rpcaddr=0.0.0.0
+      --rpcport={{ geth_rpc_port }}
+    volumes:
+      - '{{ geth_vol }}/keys:/keys:rw'
+      # WARNING: This assumes /data is mounted, see bootstrap role
+      - '/data:/data:rw'

ansible/roles/les-node/tasks/firewall.yml

@@ -0,0 +1,12 @@
+---
+- name: Enable LES ports
+  iptables:
+    comment: '{{ geth_name }}'
+    jump: ACCEPT
+    action: insert
+    chain: DOCKER-USER
+    source: '0.0.0.0/0'
+    protocol: 'tcp'
+    destination_port: '{{ geth_port }}'
+  notify:
+    - Save iptables rules

ansible/roles/les-node/tasks/generate.yml

@@ -0,0 +1,31 @@
+---
+- name: Create directories for geth
+  file:
+    path: '{{ geth_keys }}'
+    state: directory
+
+- name: Find all enode files
+  find:
+    paths: '{{ geth_keys }}'
+    patterns: 'UTC--*'
+    file_type: file
+  register: account_files
+
+- name: Set Geth password to be empty
+  copy:
+    dest: '{{ geth_keys }}/password'
+    content: ''
+
+- name: Generate Geth account
+  docker_container:
+    name: '{{ geth_name }}'
+    image: '{{ geth_image }}'
+    pull: true
+    auto_remove: yes
+    command: |
+      account new
+      --keystore=/keys
+      --password=/keys/password
+    volumes:
+      - '{{ geth_vol }}/keys:/keys:rw'
+  when: account_files.files | length == 0

ansible/roles/les-node/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- include_tasks: generate.yml
+- include_tasks: container.yml
+- include_tasks: firewall.yml
+- include_tasks: consul.yml