diff --git a/README.md b/README.md
index b1024a5..4f29c12 100644
--- a/README.md
+++ b/README.md
@@ -32,9 +32,9 @@ Add to your `requirements.yml` file:
 The crucial settings are:
 ```yaml
 # branch which should be built
-codex_repo_branch: 'stable'
+nim_codex_repo_branch: 'stable'
 # optional setting for debug mode
-codex_log_level: 'DEBUG'
+nim_codex_log_level: 'DEBUG'
 ```
 # Management
diff --git a/defaults/main.yml b/defaults/main.yml
index 1d9c920..c329188 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,55 +1,50 @@
 ---
-codex_service_name: 'codex-{{ codex_repo_branch }}'
-codex_service_path: '/data/{{ codex_service_name }}'
-codex_data_folder: '{{ codex_service_path }}/data'
-codex_repo_path: '{{ codex_service_path }}/repo'
-codex_logs_link: '{{ codex_service_path }}/logs'
+nim_codex_service_name: 'codex-{{ nim_codex_repo_branch }}'
+nim_codex_service_path: '/data/{{ nim_codex_service_name }}'
+nim_codex_data_folder: '{{ nim_codex_service_path }}/data'
+nim_codex_repo_path: '{{ nim_codex_service_path }}/repo'
+nim_codex_logs_link: '{{ nim_codex_service_path }}/logs'
-codex_user: 'codex'
-codex_group: 'staff'
+nim_codex_user: 'codex'
+nim_codex_group: 'staff'
-codex_build_service_name: 'build-{{ codex_service_name }}'
-codex_build_timer_enabled: true
-codex_build_timer_timeout: 3600
-codex_build_frequency: 'daily'
-codex_build_days_kept: 3
-codex_build_jobs: '{{ ansible_processor_vcpus / 2 | round(0, "ceil") }}'
-codex_build_log_level: 'TRACE'
-codex_build_restarts_service: true
-codex_build_nim_flags: >-
+# Build
+nim_codex_build_service_name: 'build-{{ nim_codex_service_name }}'
+nim_codex_build_timer_enabled: true
+nim_codex_build_timer_timeout: 3600
+nim_codex_build_frequency: 'daily'
+nim_codex_build_days_kept: 3
+nim_codex_build_jobs: '{{ ansible_processor_vcpus / 2 | round(0, "ceil") }}'
+nim_codex_build_log_level: 'TRACE'
+nim_codex_build_restarts_service: true
+nim_codex_build_nim_flags: >-
 -d:noSignalHandler
-codex_repo_url: 'https://github.com/status-im/nim-dagger'
-codex_repo_branch: 'main'
+nim_codex_repo_url: 'https://github.com/status-im/nim-dagger'
+nim_codex_repo_branch: 'main'
-codex_log_level: 'INFO' # TRACE DEBUG INFO NOTICE WARN ERROR FATAL NONE
-codex_log_format: 'json' # auto colors nocolors json none
+nim_codex_log_level: 'INFO' # TRACE DEBUG INFO NOTICE WARN ERROR FATAL NONE
+nim_codex_log_format: 'json' # auto colors nocolors json none
 # connectivity settings
-codex_public_address: '{{ ansible_host }}'
-codex_max_peers: 160
-codex_discovery_port: 9000
-codex_listening_port: 9000
-
-# Firewall
-codex_firewall_libp2p_open: true
-codex_firewall_metrics_open: true
+nim_codex_public_address: '{{ ansible_host }}'
+nim_codex_max_peers: 160
+nim_codex_listening_port: 9000
 # Scraping of metrics done via VPN. Protected by firewall.
-codex_metrics_enabled: true
-codex_metrics_address: '0.0.0.0'
-codex_metrics_port: 9200
-
-codex_rest_port: 5052
+nim_codex_metrics_enabled: true
+nim_codex_metrics_address: '0.0.0.0'
+nim_codex_metrics_port: 9200
+nim_codex_rest_port: 5052
 # Size in MiB
-codex_cache_size: 100
+nim_codex_cache_size: 100
 # Consul service definition settings
-codex_consul_service_name: 'beacon-node'
-codex_consul_service_file_name: '{{ codex_service_name | replace("-", "_") }}'
-codex_consul_metrics_service_name: '{{ codex_consul_service_name }}-metrics'
+nim_codex_consul_service_name: 'beacon-node'
+nim_codex_consul_service_file_name: '{{ nim_codex_service_name | replace("-", "_") }}'
+nim_codex_consul_metrics_service_name: '{{ nim_codex_consul_service_name }}-metrics'
 # Which version of Nim to use for the build
 # By default, it would use the one specified by the pinned nimbus-build-system
-codex_nim_commit: ''
+nim_codex_nim_commit: ''
diff --git a/files/ansible_toggle.sh b/files/ansible_toggle.sh
deleted file mode 100644
index f87a0d7..0000000
--- a/files/ansible_toggle.sh
+++ /dev/null
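Review bot: `nim_codex_build_jobs: '{{ ansible_processor_vcpus / 2 | round(0, "ceil") }}'` does not round up: in Jinja2 a filter binds tighter than `/`, so this evaluates `ansible_processor_vcpus / (2 | round(0, "ceil"))`, i.e. plain division, and the `| int` applied to it in templates/scripts/build.sh.j2 then truncates (3 vCPUs gives 1 job, not 2). The line is carried over by the rename with the bug intact; the intended form is `nim_codex_build_jobs: '{{ (ansible_processor_vcpus / 2) | round(0, "ceil") | int }}'`. Separately, the retained comment `# Scraping of metrics done via VPN. Protected by firewall.` above `nim_codex_metrics_address: '0.0.0.0'` is stale after this commit, because the metrics-port rule is dropped from tasks/firewall.yml in the same change; either the comment or the bind address should be brought in line with what the firewall task now does.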
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-# Call this script to toggle whether Ansible should make changes.
-# If named 'ansible_disabled.sh' all Ansible tasks are skipped.
-set -e
-SCRIPT_PATH=$(realpath -s "${0}")
-if [[ "${SCRIPT_PATH}" =~ _enabled.sh$ ]]; then
- mv -f "${SCRIPT_PATH}" "${SCRIPT_PATH/enabled/disabled}"
- echo "Disabled automatic updates by Ansible!"
-elif [[ "${SCRIPT_PATH}" =~ _disabled.sh$ ]]; then
- mv -f "${SCRIPT_PATH}" "${SCRIPT_PATH/disabled/enabled}"
- echo "Enabled automatic updates by Ansible!"
-else
- echo "Expected script name to include 'disabled' or 'enabled'!" >&2
- exit 1
-fi
diff --git a/tasks/build.yml b/tasks/build.yml
index e858723..73d8e17 100644
--- a/tasks/build.yml
+++ b/tasks/build.yml
@@ -1,30 +1,30 @@
 ---
 - name: Clone repo branch
 git:
- repo: '{{ codex_repo_url }}'
- version: '{{ codex_repo_branch }}'
- dest: '{{ codex_repo_path }}'
+ repo: '{{ nim_codex_repo_url }}'
+ version: '{{ nim_codex_repo_branch }}'
+ dest: '{{ nim_codex_repo_path }}'
 force: true
 update: true
- become_user: '{{ codex_user }}'
+ become_user: '{{ nim_codex_user }}'
 - name: Check if node binary exists
 stat:
- path: '{{ codex_repo_path }}/build/codex'
- register: codex_bin
+ path: '{{ nim_codex_repo_path }}/build/codex'
+ register: nim_codex_bin
 - name: Create timer for build script
 include_role: name=systemd-timer
 vars:
- systemd_timer_name: '{{ codex_build_service_name }}'
- systemd_timer_user: '{{ codex_user }}'
- systemd_timer_group: '{{ codex_group }}'
- systemd_timer_description: 'Build {{ codex_service_name }}'
- systemd_timer_start_on_creation: '{{ not codex_bin.stat.exists }}'
+ systemd_timer_name: '{{ nim_codex_build_service_name }}'
+ systemd_timer_user: '{{ nim_codex_user }}'
+ systemd_timer_group: '{{ nim_codex_group }}'
+ systemd_timer_description: 'Build {{ nim_codex_service_name }}'
+ systemd_timer_start_on_creation: '{{ not nim_codex_bin.stat.exists }}'
 systemd_timer_ionice_class: 'idle'
 systemd_timer_consul_warning: true
- systemd_timer_enabled: '{{ codex_build_timer_enabled }}'
- systemd_timer_frequency: '{{ codex_build_frequency }}'
- systemd_timer_timeout_sec: '{{ codex_build_timer_timeout }}'
- systemd_timer_work_dir: '{{ codex_service_path }}'
- systemd_timer_script_path: '{{ codex_service_path }}/build.sh'
+ systemd_timer_enabled: '{{ nim_codex_build_timer_enabled }}'
+ systemd_timer_frequency: '{{ nim_codex_build_frequency }}'
+ systemd_timer_timeout_sec: '{{ nim_codex_build_timer_timeout }}'
+ systemd_timer_work_dir: '{{ nim_codex_service_path }}'
+ systemd_timer_script_path: '{{ nim_codex_service_path }}/build.sh'
diff --git a/tasks/checks.yml b/tasks/checks.yml
deleted file mode 100644
index 3ac66f9..0000000
--- a/tasks/checks.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# Used by devs who make manual changes to node setup.
-- name: Check Ansible toggle script
- stat:
- path: '{{ codex_service_path }}/ansible_disabled.sh'
- register: codex_ansible_toggle
-
-- name: Check if Ansible updates are disabled
- set_fact:
- codex_ansible_disabled: '{{ codex_ansible_toggle.stat.exists }}'
-
-# Using 'fail' task to make the warning red and visible.
-- name: 'WARNING: {{ codex_service_name }}'
- fail:
- msg: 'WARNING: Ansible changes disabled due to toggle script!'
- when: codex_ansible_disabled
- ignore_errors: true
diff --git a/tasks/config.yml b/tasks/config.yml
index f157ab3..f54507d 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -1,18 +1,18 @@
 ---
 - name: Create service directory
 file:
- path: '{{ codex_data_folder }}'
+ path: '{{ nim_codex_data_folder }}'
 state: directory
- owner: '{{ codex_user }}'
- group: '{{ codex_group }}'
+ owner: '{{ nim_codex_user }}'
+ group: '{{ nim_codex_group }}'
 mode: 0770
 - name: Create helper scripts
 template:
 src: '{{ item }}'
- dest: '{{ codex_service_path }}/{{ item|basename|replace(".j2", "") }}'
- owner: '{{ codex_user }}'
- group: '{{ codex_group }}'
+ dest: '{{ nim_codex_service_path }}/{{ item|basename|replace(".j2", "") }}'
+ owner: '{{ nim_codex_user }}'
+ group: '{{ nim_codex_group }}'
 mode: 0750
 with_fileglob:
 - 'templates/scripts/*'
diff --git a/tasks/consul.yml b/tasks/consul.yml
index 3a3d104..48ebef6 100644
--- a/tasks/consul.yml
+++ b/tasks/consul.yml
@@ -3,22 +3,22 @@
 #- name: 'Create Consul service definition'
 # include_role: name=consul-service
 # vars:
-# consul_config_name: '{{ codex_consul_service_file_name }}'
+# consul_config_name: '{{ nim_codex_consul_service_file_name }}'
 # consul_services:
-# - id: '{{ codex_service_name }}'
-# name: '{{ codex_consul_service_name }}'
-# port: '{{ codex_listening_port }}'
-# address: '{{ codex_public_address }}'
+# - id: '{{ nim_codex_service_name }}'
+# name: '{{ nim_codex_consul_service_name }}'
+# port: '{{ nim_codex_listening_port }}'
+# address: '{{ nim_codex_public_address }}'
 # tags: ['{{ env }}.{{ stage }}', 'beacon', 'nimbus']
 #
-# - id: '{{ codex_service_name }}-metrics'
-# name: '{{ codex_consul_metrics_service_name }}'
-# port: '{{ codex_metrics_port }}'
+# - id: '{{ nim_codex_service_name }}-metrics'
+# name: '{{ nim_codex_consul_metrics_service_name }}'
+# port: '{{ nim_codex_metrics_port }}'
 # address: '{{ ansible_local.wireguard.vpn_ip }}'
 # tags: ['{{ env }}.{{ stage }}', 'beacon', 'nimbus', 'metrics']
 # meta:
-# container: '{{ codex_service_name }}'
+# container: '{{ nim_codex_service_name }}'
 # checks:
-# - name: '{{ codex_consul_metrics_service_name }}-health'
+# - name: '{{ nim_codex_consul_metrics_service_name }}-health'
 # type: 'http'
-# http: 'http://localhost:{{ codex_metrics_port }}/health'
+# http: 'http://localhost:{{ nim_codex_metrics_port }}/health'
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 05e48fe..6d3b362 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -2,10 +2,8 @@
 - name: Open Libp2p ports in iptables
 include_role: name=open-ports
 vars:
- open_ports_default_comment: '{{ codex_service_name }}'
+ open_ports_default_comment: '{{ nim_codex_service_name }}'
 open_ports_default_chain: 'SERVICES'
 open_ports_list:
- - { port: '{{ codex_listening_port }}', protocol: 'tcp', state: '{{ codex_firewall_libp2p_open | ternary("present", "absent") }}' }
- - { port: '{{ codex_discovery_port }}', protocol: 'udp', state: '{{ codex_firewall_libp2p_open | ternary("present", "absent") }}' }
- - { port: '{{ codex_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq', state: '{{ codex_firewall_metrics_open | ternary("present", "absent") }}' }
- - { port: '{{ codex_rest_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }
+ - { port: '{{ nim_codex_listening_port }}', protocol: 'tcp' }
+ - { port: '{{ nim_codex_rest_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }
diff --git a/tasks/main.yml b/tasks/main.yml
index 245ae20..43310ea 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,11 +1,8 @@
 ---
-- include_tasks: checks.yml
-- when: not codex_ansible_disabled
- block:
- - include_tasks: install.yml
- - include_tasks: user.yml
- - include_tasks: config.yml
- - include_tasks: build.yml
- - include_tasks: service.yml
- - include_tasks: firewall.yml
-# - include_tasks: consul.yml
+- include_tasks: install.yml
+- include_tasks: user.yml
+- include_tasks: config.yml
+- include_tasks: build.yml
+- include_tasks: service.yml
+- include_tasks: firewall.yml
+#- include_tasks: consul.yml
diff --git a/tasks/service.yml b/tasks/service.yml
index 9162999..181b4d1 100644
--- a/tasks/service.yml
+++ b/tasks/service.yml
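Review bot: The new `open_ports_list` carries no rule for `nim_codex_metrics_port` any more, while defaults/main.yml in this same commit keeps `nim_codex_metrics_address: '0.0.0.0'` together with the comment that metrics are protected by the firewall; the removed `chain: 'VPN', ipset: 'metrics.hq'` entry was the only thing that scoped that listener to the VPN. What happens now depends on the open-ports role's chain policy, which is not visible here: the metrics endpoint is either unreachable to the scraper or reachable beyond the VPN, and neither seems intended. I would keep `- { port: '{{ nim_codex_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }` in the list, or bind metrics to the VPN address instead of `0.0.0.0`. Dropping the `state:` toggles also means this task can only ever add rules; if closing the libp2p port on a host was a supported operation, that path no longer exists in this role.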
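Review bot: Removing the `checks.yml` gate retires the `ansible_disabled.sh` toggle without any migration: a host on which a developer already created that file under the service path keeps it on disk, but it is now silently ignored and nothing here removes it. If the toggle is intentionally gone, a one-off `file:` task with `state: absent` for `{{ nim_codex_service_path }}/ansible_disabled.sh` and `ansible_enabled.sh` would leave hosts consistent, and any README text describing the toggle should go with it (the Management section is outside this diff). Minor: `#- include_tasks: consul.yml` is flagged by yamllint's comments rule; `# - include_tasks: consul.yml` is the conventional spelling.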
@@ -1,23 +1,23 @@
 ---
 - name: Symlink service logs folder
 file:
- src: '/var/log/service/{{ codex_service_name }}'
- dest: '{{ codex_logs_link }}'
+ src: '/var/log/service/{{ nim_codex_service_name }}'
+ dest: '{{ nim_codex_logs_link }}'
 state: 'link'
 force: true
 - name: Create systemd Unit file
 template:
 src: 'beacon-node.service.j2'
- dest: '/etc/systemd/system/{{ codex_service_name }}.service'
+ dest: '/etc/systemd/system/{{ nim_codex_service_name }}.service'
 mode: 0644
- register: codex_service_definition
+ register: nim_codex_service_definition
 - name: Reload and restart the service
 systemd:
- name: '{{ codex_service_name }}.service'
+ name: '{{ nim_codex_service_name }}.service'
 enabled: true
 daemon_reload: true
 state: |-
- {{ codex_service_definition.changed
+ {{ nim_codex_service_definition.changed
 | ternary("restarted", "started") }}
diff --git a/tasks/user.yml b/tasks/user.yml
index 55b13c9..2d2e56a 100644
--- a/tasks/user.yml
+++ b/tasks/user.yml
@@ -1,8 +1,8 @@
 ---
 - name: Create user for codex builds
 user:
- name: '{{ codex_user }}'
- group: '{{ codex_group }}'
+ name: '{{ nim_codex_user }}'
+ group: '{{ nim_codex_group }}'
 shell: '/bin/bash'
 - name: Set disable rebase as merge strategy
@@ -10,16 +10,16 @@
 scope: 'global'
 name: 'pull.rebase'
 value: 'false'
- become_user: '{{ codex_user }}'
+ become_user: '{{ nim_codex_user }}'
 - name: Sudoers file to let non-root users start jobs
 template:
 src: 'builds_sudoers.j2'
- dest: '/etc/sudoers.d/80-{{ codex_service_name }}-builds'
+ dest: '/etc/sudoers.d/80-{{ nim_codex_service_name }}-builds'
 mode: 0440
 - name: Sudoers file for login as codex user
 template:
 src: 'codex_sudoers.j2'
- dest: '/etc/sudoers.d/81-{{ codex_service_name }}-login'
+ dest: '/etc/sudoers.d/81-{{ nim_codex_service_name }}-login'
 mode: 0440
diff --git a/templates/beacon-node.service.j2 b/templates/beacon-node.service.j2
index 643ad82..d7f819c 100644
--- a/templates/beacon-node.service.j2
+++ b/templates/beacon-node.service.j2
@@ -1,25 +1,25 @@
 [Unit]
-Description=Codex ({{ codex_repo_branch }})
+Description=Codex ({{ nim_codex_repo_branch }})
 Documentation=https://github.com/status-im/nim-dagger/
 Requires=network-online.target
 After=network-online.target
 [Service]
-User={{ codex_user }}
-Group={{ codex_group }}
-WorkingDirectory={{ codex_service_path }}
-SyslogIdentifier={{ codex_service_name }}
+User={{ nim_codex_user }}
+Group={{ nim_codex_group }}
+WorkingDirectory={{ nim_codex_service_path }}
+SyslogIdentifier={{ nim_codex_service_name }}
 SyslogFacility=local6
 SyslogLevel=debug
 Restart=on-failure
-ExecStart={{ codex_repo_path }}/build/codex \
- --data-dir='{{ codex_data_folder }}' \
-## --log-format={{ codex_log_format }} \
-## --log-level={{ codex_log_level }} \
- --listen-addrs=/ip4/{{ codex_public_address }}/tcp/{{ codex_listening_port }} \
- --max-peers={{ codex_max_peers }} \
- --api-port={{ codex_rest_port }} \
- --cache-size={{ codex_cache_size }} \
+ExecStart={{ nim_codex_repo_path }}/build/codex \
+ --data-dir='{{ nim_codex_data_folder }}' \
+## --log-format={{ nim_codex_log_format }} \
+## --log-level={{ nim_codex_log_level }} \
+ --listen-addrs=/ip4/{{ nim_codex_public_address }}/tcp/{{ nim_codex_listening_port }} \
+ --max-peers={{ nim_codex_max_peers }} \
+ --api-port={{ nim_codex_rest_port }} \
+ --cache-size={{ nim_codex_cache_size }} \
 [Install]
 WantedBy=multi-user.target
diff --git a/templates/builds_sudoers.j2 b/templates/builds_sudoers.j2
index 679dc2c..4ef43e2 100644
--- a/templates/builds_sudoers.j2
+++ b/templates/builds_sudoers.j2
@@ -1,12 +1,12 @@
 # Allow non-root users start Codex builds and manage service with sudo.
-# {{ codex_service_name }}
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *status {{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *start {{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop {{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart {{ codex_service_name }}*
-# build-{{ codex_service_name }}
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *status build-{{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *start build-{{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop build-{{ codex_service_name }}*
-%{{ codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart build-{{ codex_service_name }}*
+# {{ nim_codex_service_name }}
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *status {{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *start {{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop {{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart {{ nim_codex_service_name }}*
+# build-{{ nim_codex_service_name }}
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *status build-{{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *start build-{{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop build-{{ nim_codex_service_name }}*
+%{{ nim_codex_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart build-{{ nim_codex_service_name }}*
diff --git a/templates/codex_sudoers.j2 b/templates/codex_sudoers.j2
index d7720df..21d54d8 100644
--- a/templates/codex_sudoers.j2
+++ b/templates/codex_sudoers.j2
@@ -1,4 +1,4 @@
 # Allow non-root users logging in as codex user
-%{{ codex_group }} ALL= NOPASSWD: /bin/su – {{ codex_user }}
-%{{ codex_group }} ALL=({{ codex_user }}) NOPASSWD: ALL
+%{{ nim_codex_group }} ALL= NOPASSWD: /bin/su – {{ nim_codex_user }}
+%{{ nim_codex_group }} ALL=({{ nim_codex_user }}) NOPASSWD: ALL
diff --git a/templates/scripts/build.sh.j2 b/templates/scripts/build.sh.j2
index 3e557b6..8b579cf 100644
--- a/templates/scripts/build.sh.j2
+++ b/templates/scripts/build.sh.j2
@@ -7,7 +7,7 @@ function headIsDetached() {
 }
 function binaryExists() {
- ls -l build/nimbus_codex_${COMMIT} 2>&1 1>/dev/null
+ ls -l build/nim_codex_${COMMIT} 2>&1 1>/dev/null
 }
 function fetchChanges() {
@@ -18,15 +18,18 @@ function fetchChanges() {
 function buildBinaries() {
 # Control number of jobs used to lower impact on running nodes
- export MAKEFLAGS="-j{{ codex_build_jobs | int }}"
-{% if codex_nim_commit is defined and codex_nim_commit != "" %}
- export NIM_COMMIT={{ codex_nim_commit }}
+ export MAKEFLAGS="-j{{ nim_codex_build_jobs | int }}"
+{% if nim_codex_nim_commit is defined and nim_codex_nim_commit != "" %}
+ export NIM_COMMIT={{ nim_codex_nim_commit }}
 {% endif %}
 make update OVERRIDE=1
 make libbacktrace
- ./env.sh nim "{{ codex_build_nim_flags }}" -d:chronicles_log_level:{{ codex_build_log_level }} c dagger.nim
+ ./env.sh nim \
+ {{ nim_codex_build_nim_flags }} \
+ -d:chronicles_log_level:{{ nim_codex_build_log_level }} \
+ c dagger.nim
 mkdir -p build
 # Rename binaries to match commit they were built from.
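Review bot: `binaryExists` still checks a file name that is never produced: the new line looks for `build/nim_codex_${COMMIT}`, but the rename step later in this same file links `build/codex_${COMMIT}` to `build/codex` (visible at the top of the `@@ -36,21 +39,21 @@` hunk), so the check cannot find a built binary. The old name `nimbus_codex_${COMMIT}` had the same mismatch, and this commit edits the line while keeping the bug; it should read `ls -l build/codex_${COMMIT} 2>&1 1>/dev/null`, or more plainly `[[ -f build/codex_${COMMIT} ]]`. Where `binaryExists` is called is outside these hunks, but if it gates the rebuild decision, every timer run presumably rebuilds from scratch today.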
@@ -36,21 +39,21 @@ function buildBinaries() {
 ln -frs build/codex_${COMMIT} build/codex
 # Delete copies that are older than N days
- find build -mtime +{{ codex_build_days_kept }} -exec rm '{}' \+
+ find build -mtime +{{ nim_codex_build_days_kept }} -exec rm '{}' \+
 }
 #-------------------------------------------------------------------------------
-BRANCH="{{ codex_repo_branch }}"
-SERVICE="{{ codex_service_name }}.service"
-SERVICE_PATH="{{ codex_service_path }}"
+BRANCH="{{ nim_codex_repo_branch }}"
+SERVICE="{{ nim_codex_service_name }}.service"
+SERVICE_PATH="{{ nim_codex_service_path }}"
 echo " >>> Build Start: $(date -u +"%Y-%m-%dT%H:%M:%SZ")"
 cd "${SERVICE_PATH}"
-if [[ "${USER}" != "{{ codex_user }}" ]]; then
+if [[ "${USER}" != "{{ nim_codex_user }}" ]]; then
 echo "Incorrect user: ${USER}" >&2
- echo "Expected: {{ codex_user }}" >&2
+ echo "Expected: {{ nim_codex_user }}" >&2
 exit 1
 fi
@@ -75,7 +78,7 @@ else
 buildBinaries
 fi
-{% if codex_build_restarts_service %}
+{% if nim_codex_build_restarts_service %}
 # Avoid faiure on first Ansible run due to missing service.
 if [[ $(systemctl is-active "${SERVICE}" || true) == "inactive" ]]; then
 echo " !!! No service to restart!"