---
# Check out the repository holding validator keystores and their secrets
# at the revision named by dist_validators_repo_rev.
- name: Clone repo with secrets/validators
  # become_user only takes effect when privilege escalation is enabled;
  # presumably `become` is set at play or role level - TODO confirm.
  become_user: "{{ dist_validators_repo_user }}"
  git:
    repo: "{{ dist_validators_repo_url }}"
    dest: "{{ dist_validators_repo_path }}"
    version: "{{ dist_validators_repo_rev }}"
    update: true
    # force discards local modifications in the existing checkout.
    force: true
    # NOTE(review): accept_hostkey makes the module add
    # StrictHostKeyChecking=no to the ssh options, so the remote host key
    # is not verified when fetching a repository that contains secrets.
    # Pre-provisioning the host key in known_hosts would let this be
    # turned off.
    accept_hostkey: true
# List the validator directories that sit directly under
# dist_validators_path; the result is stored in found_validators_raw.
- name: Find all validators
  register: found_validators_raw
  find:
    paths: "{{ dist_validators_path }}"
    file_type: directory
    # recurse with depth 1 limits matches to direct children.
    recurse: true
    depth: 1
# List the secret files that sit directly under
# dist_validators_secrets_path; the result is stored in found_secrets_raw.
- name: Find all secrets
  register: found_secrets_raw
  find:
    paths: "{{ dist_validators_secrets_path }}"
    file_type: file
    # recurse with depth 1 limits matches to direct children.
    recurse: true
    depth: 1
# Reduce both find results to sorted lists of basenames. Sorting gives the
# two lists the same order, which the index-based slicing in the later
# "Extract slice for host" task relies on.
- name: Extract file paths
  set_fact:
    found_validators: >-
      {{ found_validators_raw.files | map(attribute="path") | map("basename") | list | sort }}
    found_secrets: >-
      {{ found_secrets_raw.files | map(attribute="path") | map("basename") | list | sort }}
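# Stop early when the repository holds a different number of validator
# directories and secret files. Only the totals are compared here; the
# names are compared per host by the later overlap check.
- name: Verify number of validators and secrets matches
  assert:
    # `that` is already evaluated as a Jinja expression, so it is written
    # bare; wrapping it in template delimiters templates it twice and
    # makes Ansible warn about delimiters in a conditional.
    that:
      - (found_validators | length) == (found_secrets | length)
    fail_msg: 'Number of total validators and secrets does not match!'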
# Pick this host's share of validators and secrets by slicing both sorted
# lists with the same start/end indices from dist_validators_range.
# NOTE(review): list slicing does not fail when the range runs past the
# end of the list; it yields a shorter (possibly empty) slice, and the
# later overlap check would still pass. Confirm the range is validated
# elsewhere.
- name: Extract slice for host
  set_fact:
    host_validators: >-
      {{ found_validators[dist_validators_range["start"]:dist_validators_range["end"]] }}
    host_secrets: >-
      {{ found_secrets[dist_validators_range["start"]:dist_validators_range["end"]] }}
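# Fail unless every validator selected for this host has a secret of the
# same name in the host's secret slice, so that no validator is deployed
# without its secret.
- name: Verify that validators and secrets overlap
  assert:
    # Written as a bare expression: `that` is evaluated as Jinja already,
    # and template delimiters here cause double templating and a warning.
    that:
      - (host_validators | intersect(host_secrets) | length) == (host_validators | length)
    fail_msg: 'List of validators and their secrets does not overlap!'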
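# Create the destination directories for keystores and secrets, owned by
# dockremap:docker and accessible to the owner only.
- name: Create validators/secrets folders
  file:
    path: '{{ item }}'
    state: directory
    owner: dockremap
    group: docker
    # Quoted so the mode reaches the module as the string '0700' instead
    # of depending on how the YAML parser reads a leading-zero integer.
    mode: '0700'
  loop:
    - '{{ dist_validators_data_path }}/validators'
    - '{{ dist_validators_data_path }}/secrets'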
# Copy this host's validator directories from the checkout into the data
# directory.
#   -r        recurse into each validator directory
#   -u        skip files that are newer on the destination
#   --delete  remove destination files inside the copied directories that
#             no longer exist in the source
#   --exclude keeps slashing_protection.sqlite3* out of the transfer; as
#             --delete-excluded is not given, matching files on the
#             destination are also left alone, so the local slashing
#             protection database survives a re-run.
# NOTE(review): the names are joined with spaces and not quoted, so a
# name containing whitespace or starting with "-" would be parsed as extra
# arguments or options; presumably names are fixed-format key identifiers
# - TODO confirm.
- name: Copy over validators
  args:
    chdir: "{{ dist_validators_path }}"
  command: |
    rsync -ru --delete --exclude="slashing_protection.sqlite3*" \
    {{ host_validators | join(" ") }} '{{ dist_validators_data_path }}/validators/'
# Copy this host's secret files from the checkout into the data directory.
#   -r  recurse, -u  skip files that are newer on the destination.
# NOTE(review): there is no --delete here, so secret files already on the
# host that fall outside the current slice stay in place; confirm stale
# secrets are cleaned up elsewhere when a host's range changes.
# NOTE(review): names are joined unquoted, as in the validators copy;
# presumably they are fixed-format key identifiers - TODO confirm.
- name: Copy over secrets
  args:
    chdir: "{{ dist_validators_secrets_path }}"
  command: |
    rsync -ru \
    {{ host_secrets | join(" ") }} '{{ dist_validators_data_path }}/secrets/'
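# Restrict every directory below validators/ to its owner (0700).
# The previous form passed the "*" glob inside single quotes, so the
# shell never expanded it and chmod was handed a literal path ending in
# "*". find walks the tree itself, needs no glob, and does not fail when
# the directory is empty. -mindepth 1 leaves the validators/ directory
# itself, whose mode is set when it is created, untouched.
- name: Adjust validators dir permissions
  shell: find '{{ dist_validators_data_path }}/validators/' -mindepth 1 -type d -exec chmod 0700 {} +
  args:
    # Suppresses Ansible's hint to use the file module for chmod.
    warn: false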
# Restrict every regular file below validators/ to owner read/write
# (0600); chmod is run once per file found.
- name: Adjust validators file permissions
  args:
    # Suppresses Ansible's hint to use the file module for chmod.
    warn: false
  shell: >-
    find '{{ dist_validators_data_path }}/validators/' -type f -exec chmod 0600 {} \;
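# Restrict every secret file below secrets/ to owner read/write (0600).
# The previous form passed the "*" glob inside single quotes, so the
# shell never expanded it and the intended mode was not applied to the
# secret files by this command. find needs no glob and does not fail on
# an empty directory; -type f keeps 0600 off any directory, which would
# otherwise lose its search bit.
- name: Adjust secrets permissions
  shell: find '{{ dist_validators_data_path }}/secrets/' -mindepth 1 -type f -exec chmod 0600 {} +
  args:
    # Suppresses Ansible's hint to use the file module for chmod.
    warn: false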