From 5bfaa61b730369191467731fbab992a96cc491d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Tue, 10 Nov 2020 12:24:12 +0100 Subject: [PATCH] distribute-validators: role to copy over validators and secrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jakub SokoĊ‚owski --- ansible/group_vars/nimbus.test.yml | 4 ++ ansible/nimbus.yml | 4 ++ ansible/roles/distribute-validators/README.md | 9 +++ .../distribute-validators/defaults/main.yml | 13 ++++ .../distribute-validators/tasks/main.yml | 70 +++++++++++++++++++ 5 files changed, 100 insertions(+) create mode 100644 ansible/roles/distribute-validators/README.md create mode 100644 ansible/roles/distribute-validators/defaults/main.yml create mode 100644 ansible/roles/distribute-validators/tasks/main.yml diff --git a/ansible/group_vars/nimbus.test.yml b/ansible/group_vars/nimbus.test.yml index e0a6a6d..86cc4ec 100644 --- a/ansible/group_vars/nimbus.test.yml +++ b/ansible/group_vars/nimbus.test.yml @@ -26,3 +26,7 @@ beacon_node_discovery_port: '9100' # resource limits beacon_node_mem_limit: '{{ (ansible_memtotal_mb * 0.60) | int }}' beacon_node_mem_reserve: '{{ (ansible_memtotal_mb * 0.4) | int }}' + +# Validators -------------------------- +dist_validators_name: '{{ beacon_node_network }}_deposits' +dist_validators_data_path: '{{ beacon_node_cont_vol }}/data/{{ beacon_node_data_folder }}' diff --git a/ansible/nimbus.yml b/ansible/nimbus.yml index e6d08a5..519018b 100644 --- a/ansible/nimbus.yml +++ b/ansible/nimbus.yml @@ -41,5 +41,9 @@ vars: beacon_node_network: 'toledo' beacon_node_repo_branch: 'devel' + dist_validators_layout: + "toledo-01.aws-eu-central-1a.nimbus.test": { start: 0, end: 1024 } + "toledo-02.aws-eu-central-1a.nimbus.test": { start: 1024, end: 2047 } roles: + - { role: distribute-validators, tags: [ distribute-validators ] } - { role: infra-role-beacon-node, tags: [ infra-role-beacon-node, beacon-node ] } diff --git a/ansible/roles/distribute-validators/README.md b/ansible/roles/distribute-validators/README.md new file mode 100644 index 0000000..7266b0a --- /dev/null +++ b/ansible/roles/distribute-validators/README.md @@ -0,0 +1,9 @@ +# Description + +This role copies secrets and validators required for testnets to which Nimbus beacon nodes contribute. + +# Details + +You can read about validators and secrets here: +https://status-im.github.io/nimbus-eth2/faq.html#what-exactly-is-a-validator +https://status-im.github.io/nimbus-eth2/keys.html#storage diff --git a/ansible/roles/distribute-validators/defaults/main.yml b/ansible/roles/distribute-validators/defaults/main.yml new file mode 100644 index 0000000..c8c1fa1 --- /dev/null +++ b/ansible/roles/distribute-validators/defaults/main.yml @@ -0,0 +1,13 @@ +--- +dist_validators_repo_url: 'git@github.com:status-im/nimbus-private.git' +dist_validators_repo_rev: 'master' +dist_validators_repo_user: 'admin' +dist_validators_repo_path: '/home/{{ dist_validators_repo_user }}/distribute-validators' + +dist_validators_data_path: ~ +dist_validators_name: ~ +dist_validators_layout: +# - { hostname: 'node-01', start: 0, end: 1023 } +# - { hostname: 'node-01', start: 1024, end: 2047 } +# +dist_validators_range: '{{ dist_validators_layout[hostname] }}' diff --git a/ansible/roles/distribute-validators/tasks/main.yml b/ansible/roles/distribute-validators/tasks/main.yml new file mode 100644 index 0000000..0eb1e7d --- /dev/null +++ b/ansible/roles/distribute-validators/tasks/main.yml @@ -0,0 +1,70 @@ +--- +#- name: Clone repo with secrets/validators +# git: +# repo: '{{ dist_validators_repo_url }}' +# dest: '{{ dist_validators_repo_path }}' +# version: '{{ dist_validators_repo_rev }}' +# update: true +# force: true +# accept_hostkey: true +# become_user: '{{ dist_validators_repo_user }}' + +- name: Find all validators + find: + paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/validators' + file_type: directory + recurse: true + depth: 1 + register: found_validators_raw + +- name: Find all secrets + find: + paths: '{{ dist_validators_repo_path }}/{{ dist_validators_name | mandatory }}/secrets' + file_type: file + recurse: true + depth: 1 + register: found_secrets_raw + +- name: Extract file paths + set_fact: + found_validators: '{{ found_validators_raw.files | map(attribute="path") | list }}' + found_secrets: '{{ found_secrets_raw.files | map(attribute="path") | list }}' + +- name: Verify number of validators and secrets matches + assert: + that: '{{ (found_validators|length) == (found_secrets|length) }}' + +- name: Create validators/secrets folders + file: + path: '{{ item }}' + state: 'directory' + owner: dockremap + group: docker + mode: 0750 + with_items: + - '{{ dist_validators_data_path }}/validators' + - '{{ dist_validators_data_path }}/secrets' + +- name: Copy over validators + command: | + rsync -ru \ + {{ found_validators[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \ + '{{ dist_validators_data_path }}/validators/' + +- name: Copy over secrets + command: | + rsync -ru \ + {{ found_secrets[dist_validators_range["start"]:dist_validators_range["end"]] | join(" ") }} \ + '{{ dist_validators_data_path }}/secrets/' + +- name: Adjust validators permissions + file: + path: '{{ item }}' + state: 'directory' + owner: 'dockremap' + group: 'docker' + mode: 0750 + recurse: true + with_items: + - '{{ dist_validators_data_path }}/validators' + - '{{ dist_validators_data_path }}/secrets'