status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

move distribute-validators role to a separate repo 

https://github.com/status-im/infra-role-dist-validators

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2021-06-28 16:40:15 +02:00
parent 432623b74d
commit 5122d41a99
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
7 changed files with 7 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ansible/requirements.yml
View File

@ -36,12 +36,12 @@
- name: infra-role-beacon-node - name: infra-role-beacon-node
src: git@github.com:status-im/infra-role-beacon-node.git src: git@github.com:status-im/infra-role-beacon-node.git
version: a14c9afe0293196f8b3cb45e86abcbaee3078d77 version: 992c8a43a45e06bb1f43f6c440fa03c157422f99
scm: git scm: git
- name: infra-role-beacon-node-linux - name: infra-role-beacon-node-linux
src: git@github.com:status-im/infra-role-beacon-node-linux.git src: git@github.com:status-im/infra-role-beacon-node-linux.git
version: e69cebc8bd6bd5bf7f0cc1bb9ebd48a05cb31298 version: 1e640b4742222406e080a3574150fbc28767ba80
scm: git scm: git
- name: infra-role-beacon-node-windows - name: infra-role-beacon-node-windows
@ -49,6 +49,11 @@
version: 1809e84d48d31cac0b783ed3a2182fdd23e34779 version: 1809e84d48d31cac0b783ed3a2182fdd23e34779
scm: git scm: git
- name: infra-role-dist-validators
src: git@github.com:status-im/infra-role-dist-validators.git
version: f6a01c6d84294892199d8a0a4d17940afa36bf3b
scm: git
- name: infra-role-winsw - name: infra-role-winsw
src: git@github.com:status-im/infra-role-winsw.git src: git@github.com:status-im/infra-role-winsw.git
version: 97275ab7be23bd4041f110ffbd60c509d5e819f3 version: 97275ab7be23bd4041f110ffbd60c509d5e819f3

15
ansible/roles/distribute-validators/README.md
View File

@ -1,15 +0,0 @@
# Description
This role copies secrets and validators required for testnets to which Nimbus beacon nodes contribute.
# Warning
__This role does not take into account the currently existing layout of validators and secrets!__
Take into account what is already in place and which nodes are running and in what order you run this role to avoid a case in which validators on two or more nodes overlap.
# Details
You can read about validators and secrets here:
https://status-im.github.io/nimbus-eth2/faq.html#what-exactly-is-a-validator
https://status-im.github.io/nimbus-eth2/keys.html#storage

17
ansible/roles/distribute-validators/defaults/main.yml
View File

@ -1,17 +0,0 @@
---
dist_validators_repo_url: 'git@github.com:status-im/nimbus-private.git'
dist_validators_repo_rev: 'master'
dist_validators_repo_user: 'admin'
dist_validators_repo_path: '/home/{{ dist_validators_repo_user }}/distribute-validators'
dist_validators_cont_name: ~
dist_validators_data_path: ~
dist_validators_name: ~
dist_validators_path: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/validators'
dist_validators_secrets_path: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/secrets'
#dist_validators_layout:
# 'node-01': { start: 0, end: 1023 }
# 'node-01': { start: 1024, end: 2047 }
dist_validators_range: '{{ dist_validators_layout[hostname] | mandatory }}'

25
ansible/roles/distribute-validators/tasks/check.yml
View File

@ -1,25 +0,0 @@
---
- name: Verify number of validators and secrets matches
assert:
that: '{{ (found_validators|length) == (found_secrets|length) }}'
fail_msg: 'Number of total validators and secrets does not match!'
- name: Extract slice for host
set_fact:
new_validators: '{{ found_validators[dist_validators_range["start"]:dist_validators_range["end"]] }}'
new_secrets: '{{ found_secrets[dist_validators_range["start"]:dist_validators_range["end"]] }}'
- name: Verify that validators and secrets overlap
assert:
that: '{{ (new_validators|intersect(new_secrets)|length) == (new_validators|length) }}'
fail_msg: 'List of validators and their secrets does not overlap!'
- name: Check compare existing validators
set_fact:
secrets_diff: '{{ new_secrets|difference(old_secrets) }}'
validators_diff: '{{ new_validators|difference(old_validators) }}'
- name: Check if validators changed
set_fact:
secrets_changed: '{{ secrets_diff|length > 0 }}'
validators_changed: '{{ validators_diff|length > 0 }}'

14
ansible/roles/distribute-validators/tasks/main.yml
View File

@ -1,14 +0,0 @@
---
- name: Find new and old validators
include_tasks: read.yml
when: dist_validators_layout is defined
- name: Verify if validators changed
include_tasks: check.yml
when: dist_validators_layout is defined
- name: Copy over validators and secrets
include_tasks: write.yml
when: >
dist_validators_layout is defined and
(secrets_changed or validators_changed)

49
ansible/roles/distribute-validators/tasks/read.yml
View File

@ -1,49 +0,0 @@
---
- name: Clone repo with secrets/validators
git:
repo: '{{ dist_validators_repo_url }}'
dest: '{{ dist_validators_repo_path }}'
version: '{{ dist_validators_repo_rev }}'
update: true
force: true
accept_hostkey: true
become_user: '{{ dist_validators_repo_user }}'
- name: Find all validators
find:
paths: '{{ dist_validators_path }}'
file_type: directory
recurse: true
depth: 1
register: found_validators_raw
- name: Find all secrets
find:
paths: '{{ dist_validators_secrets_path }}'
file_type: file
recurse: true
depth: 1
register: found_secrets_raw
- name: Find old validators
find:
paths: '{{ dist_validators_data_path }}/validators'
file_type: directory
recurse: true
depth: 1
register: old_validators_raw
- name: Find old secrets
find:
paths: '{{ dist_validators_data_path }}/secrets'
file_type: file
recurse: true
depth: 1
register: old_secrets_raw
- name: Extract file paths
set_fact:
found_validators: '{{ found_validators_raw.files | map(attribute="path") | map("basename") | list | sort }}'
found_secrets: '{{ found_secrets_raw.files | map(attribute="path") | map("basename") | list | sort }}'
old_validators: '{{ old_validators_raw.files | map(attribute="path") | map("basename") | list | sort }}'
old_secrets: '{{ old_secrets_raw.files | map(attribute="path") | map("basename") | list | sort }}'

68
ansible/roles/distribute-validators/tasks/write.yml
View File

@ -1,68 +0,0 @@
---
- name: Create container folder if absent
file:
path: '/docker/{{ dist_validators_cont_name }}'
state: 'directory'
owner: dockremap
group: docker
mode: 0750
- name: Stop container if running
command: docker-compose stop
args:
chdir: '/docker/{{ dist_validators_cont_name }}'
ignore_errors: true
- name: Remove validators/secrets folders
file:
path: '{{ item }}'
state: 'absent'
with_items:
- '{{ dist_validators_data_path }}/validators'
- '{{ dist_validators_data_path }}/secrets'
- name: Create validators/secrets folders
file:
path: '{{ item }}'
state: 'directory'
owner: dockremap
group: docker
mode: 0700
with_items:
- '{{ dist_validators_data_path }}/validators'
- '{{ dist_validators_data_path }}/secrets'
- name: Copy over validators
command: |
rsync -ru --delete --exclude="slashing_protection.sqlite3*" \
{{ new_validators | join(" ") }} '{{ dist_validators_data_path }}/validators/'
args:
chdir: '{{ dist_validators_path }}'
- name: Copy over secrets
command: |
rsync -ru --delete {{ new_secrets | join(" ") }} '{{ dist_validators_data_path }}/secrets/'
args:
chdir: '{{ dist_validators_secrets_path }}'
- name: Adjust folder owner and group
command: chown dockremap:docker -R {{ dist_validators_data_path }}
args: { warn: false }
- name: Adjust validators dir permissions
shell: chmod 0700 -R {{ dist_validators_data_path }}/validators/*
args: { warn: false }
- name: Adjust validators file permissions
shell: find '{{ dist_validators_data_path }}/validators/' -type f -exec chmod 0600 {} \;
args: { warn: false }
- name: Adjust secrets permissions
shell: chmod 0600 -R {{ dist_validators_data_path }}/secrets/*
args: { warn: false }
- name: Restart container
command: docker-compose start
args:
chdir: '/docker/{{ dist_validators_cont_name }}'
ignore_errors: true