infra-nimbus/ansible/roles/distribute-validators/tasks/main.yml

74 lines
2.2 KiB
YAML
Raw Normal View History

---
#- name: Clone repo with secrets/validators
# git:
# repo: '{{ dist_validators_repo_url }}'
# dest: '{{ dist_validators_repo_path }}'
# version: '{{ dist_validators_repo_rev }}'
# update: true
# force: true
# accept_hostkey: true
# become_user: '{{ dist_validators_repo_user }}'
- name: Find all validators
find:
paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/validators'
file_type: directory
recurse: true
depth: 1
register: found_validators_raw
- name: Find all secrets
find:
paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/secrets'
file_type: file
recurse: true
depth: 1
register: found_secrets_raw
- name: Extract file paths
set_fact:
found_validators: '{{ found_validators_raw.files | map(attribute="path") | list | sort }}'
found_secrets: '{{ found_secrets_raw.files | map(attribute="path") | list | sort }}'
- name: Verify number of validators and secrets matches
assert:
that: '{{ (found_validators|length) == (found_secrets|length) }}'
- name: Create validators/secrets folders
file:
path: '{{ item }}'
state: 'directory'
owner: dockremap
group: docker
mode: 0750
with_items:
- '{{ dist_validators_data_path }}/validators'
- '{{ dist_validators_data_path }}/secrets'
- name: Copy over validators
command: |
rsync -ru --delete --exclude="slashing_protection.sqlite3*" \
{{ found_validators[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \
'{{ dist_validators_data_path }}/validators/'
- name: Copy over secrets
command: |
rsync -ru \
{{ found_secrets[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \
'{{ dist_validators_data_path }}/secrets/'
- name: Adjust validators dir permissions
shell: chmod 0700 -R '{{ dist_validators_data_path }}/validators'
args:
warn: false
- name: Adjust validators file permissions
shell: find '{{ dist_validators_data_path }}/validators/' -type f -exec chmod 0600 {} \;
args:
warn: false
- name: Adjust secrets permissions
shell: chmod 0600 -R '{{ dist_validators_data_path }}/secrets'
args:
warn: false