distribute-validators: role to copy over validators and secrets

Signed-off-by: Jakub Sokołowski <jakub@status.im>

ansible/group_vars/nimbus.test.yml

@@ -26,3 +26,7 @@ beacon_node_discovery_port: '9100'
 # resource limits
 beacon_node_mem_limit: '{{ (ansible_memtotal_mb * 0.60) | int }}'
 beacon_node_mem_reserve: '{{ (ansible_memtotal_mb * 0.4) | int }}'
+
+# Validators --------------------------
+dist_validators_name: '{{ beacon_node_network }}_deposits'
+dist_validators_data_path: '{{ beacon_node_cont_vol }}/data/{{ beacon_node_data_folder }}'

ansible/nimbus.yml

@@ -41,5 +41,9 @@
   vars:
     beacon_node_network: 'toledo'
     beacon_node_repo_branch: 'devel'
+    dist_validators_layout:
+        "toledo-01.aws-eu-central-1a.nimbus.test": { start: 0, end: 1024 }
+        "toledo-02.aws-eu-central-1a.nimbus.test": { start: 1024, end: 2047 }
   roles:
+    - { role: distribute-validators,  tags: [ distribute-validators ] }
     - { role: infra-role-beacon-node, tags: [ infra-role-beacon-node, beacon-node ] }

ansible/roles/distribute-validators/README.md

@@ -0,0 +1,9 @@
+# Description
+
+This role copies secrets and validators required for testnets to which Nimbus beacon nodes contribute.
+
+# Details
+
+You can read about validators and secrets here:
+https://status-im.github.io/nimbus-eth2/faq.html#what-exactly-is-a-validator
+https://status-im.github.io/nimbus-eth2/keys.html#storage

ansible/roles/distribute-validators/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+dist_validators_repo_url: 'git@github.com:status-im/nimbus-private.git'
+dist_validators_repo_rev: 'master'
+dist_validators_repo_user: 'admin'
+dist_validators_repo_path: '/home/{{ dist_validators_repo_user }}/distribute-validators'
+
+dist_validators_data_path: ~
+dist_validators_name: ~
+dist_validators_layout:
+#  - { hostname: 'node-01', start: 0, end: 1023 }
+#  - { hostname: 'node-01', start: 1024, end: 2047 }
+#
+dist_validators_range: '{{ dist_validators_layout[hostname] }}'

ansible/roles/distribute-validators/tasks/main.yml

@@ -0,0 +1,70 @@
+---
+#- name: Clone repo with secrets/validators
+#  git:
+#    repo: '{{ dist_validators_repo_url }}'
+#    dest: '{{ dist_validators_repo_path }}'
+#    version: '{{ dist_validators_repo_rev }}'
+#    update: true
+#    force: true
+#    accept_hostkey: true
+#  become_user: '{{ dist_validators_repo_user }}'
+
+- name: Find all validators
+  find:
+    paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/validators'
+    file_type: directory
+    recurse: true
+    depth: 1
+  register: found_validators_raw
+
+- name: Find all secrets
+  find:
+    paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/secrets'
+    file_type: file
+    recurse: true
+    depth: 1
+  register: found_secrets_raw
+
+- name: Extract file paths
+  set_fact:
+    found_validators: '{{ found_validators_raw.files | map(attribute="path") | list }}'
+    found_secrets: '{{ found_secrets_raw.files | map(attribute="path") | list }}'
+
+- name: Verify number of validators and secrets matches
+  assert:
+    that: '{{ (found_validators|length) == (found_secrets|length) }}'
+
+- name: Create validators/secrets folders
+  file:
+    path: '{{ item }}'
+    state: 'directory'
+    owner: dockremap
+    group: docker
+    mode: 0750
+  with_items:
+    - '{{ dist_validators_data_path }}/validators'
+    - '{{ dist_validators_data_path }}/secrets'
+
+- name: Copy over validators
+  command: |
+    rsync -ru \
+    {{ found_validators[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \
+    '{{ dist_validators_data_path }}/validators/'
+
+- name: Copy over secrets
+  command: |
+    rsync -ru \
+    {{ found_secrets[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \
+    '{{ dist_validators_data_path }}/secrets/'
+
+- name: Adjust validators permissions
+  file:
+    path: '{{ item }}'
+    state: 'directory'
+    owner: 'dockremap'
+    group: 'docker'
+    mode: 0750
+    recurse: true
+  with_items:
+    - '{{ dist_validators_data_path }}/validators'
+    - '{{ dist_validators_data_path }}/secrets'