feat: added invarch and fix hyperbridge/nexus playbooks a little bit

rotkonetworks · Jan 15, 2025 · 55dade6 · 55dade6
1 parent b55f8fc
commit 55dade6
Show file tree

Hide file tree

Showing 13 changed files with 350 additions and 11 deletions.
diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml
@@ -163,6 +163,7 @@ proxmox_defaults:
 
 # Service users named after clients
 service_users:
+  ajuna: "ajuna"
   arbitrum: "arbitrum"
   avalanche: "avalanche"
   binance: "binance"
@@ -182,5 +183,5 @@ service_users:
   interlay: "interlay"
   unique: "unique"
   polimec: "polimec"
-  ajuna: "ajuna"
   penumbra: "penumbra"
+  invarch: "invarch"
diff --git a/group_vars/hyperbridge.yaml b/group_vars/hyperbridge.yaml
@@ -0,0 +1,23 @@
+---
+default_base_path: /opt/hyperbridge
+default_client_version: v1.0.0
+default_database: rocksdb
+default_database_path: "{{ default_base_path }}/chains"
+default_download_base_url: https://github.com/polytope-labs/hyperbridge/releases/download
+default_download_url: "{{ default_download_base_url }}/hyperbridge-{{ default_client_version }}/hyperbridge-x86_64-unknown-linux-gnu.tar.gz"
+default_user: "{{ service_users['hyperbridge'] }}"
+default_group: "{{ service_users['hyperbridge'] }}"
+default_log_level: info
+default_network: hyperbridge
+default_node_type: endpoint
+default_p2p_port_ws: 30434
+default_p2p_port_wss: 30435
+default_bootnode_p2p_port_ws: 30434
+default_bootnode_p2p_port_wss: 30435
+default_prom_port: 7400
+default_rpc_port: 9400
+default_secure_rpc_port: 42800
+default_service: hyperbridge
+default_storage: "{{ default_base_path }}/chains"
+default_telemetry_url: wss://telemetry-backend.w3f.community/submit/ 1
+zabbix_ext_port: 10800
diff --git a/group_vars/invarch.yaml b/group_vars/invarch.yaml
@@ -0,0 +1,23 @@
+---
+default_base_path: /opt/invarch
+default_client_version: v1.2.3
+default_database: paritydb
+default_database_path: "{{ default_base_path }}/chains"
+default_download_base_url: https://github.com/AbstractedCo/InvArch/releases/download
+default_download_url: "{{ default_download_base_url }}/{{ default_client_version }}-InvArch/invarch-collator"
+default_group: "{{ service_users['invarch'] }}"
+default_user: "{{ service_users['invarch'] }}"
+default_log_level: info
+default_network: invarch
+default_node_type: endpoint
+default_p2p_port_ws: 30434
+default_p2p_port_wss: 30435
+default_bootnode_p2p_port_ws: 30434
+default_bootnode_p2p_port_wss: 30435
+default_prom_port: 7400
+default_rpc_port: 9400
+default_secure_rpc_port: 42800
+default_service: invarch
+default_storage: "{{ default_base_path }}/chains"
+default_telemetry_url: wss://telemetry-backend.w3f.community/submit/ 1
+zabbix_ext_port: 10800
diff --git a/group_vars/kilt.yaml b/group_vars/kilt.yaml
@@ -7,8 +7,8 @@ default_client_version: 1.14.5
 default_database: rocksdb
 default_database_path: "{{ default_base_path }}/chains"
 #TODO: we need to compile KILT ourselves
-default_download_base_url: https://github.com/KILTprotocol/kilt-node/archive/refs/tags/
-default_download_url: "{{ default_download_base_url }}{{ default_client_version }}.tar.gz"
+default_download_base_url: https://github.com/KILTprotocol/kilt-node/archive/refs/tags
+default_download_url: "{{ default_download_base_url }}/{{ default_client_version }}.tar.gz"
 default_group: "{{ service_users['kilt'] }}"
 default_log_level: info
 default_network: kilt

diff --git a/group_vars/unique.yaml b/group_vars/unique.yaml
@@ -3,8 +3,8 @@ default_base_path: /opt/unique
 default_client_version: v10030070
 default_database: rocksdb
 default_database_path: "{{ default_base_path }}/chains"
-default_download_base_url: https://github.com/UniqueNetwork/unique-chain/releases/download/
-default_download_url: "{{ default_download_base_url }}{{ default_client_version }}/unique-collator-{{ default_client_version }}"
+default_download_base_url: https://github.com/UniqueNetwork/unique-chain/releases/download
+default_download_url: "{{ default_download_base_url }}/{{ default_client_version }}/unique-collator-{{ default_client_version }}"
 default_user: "{{ service_users['unique'] }}"
 default_group: "{{ service_users['unique'] }}"
 default_log_level: info

diff --git a/roles/setup_add_node_role/handlers/main.yaml b/roles/setup_add_node_role/handlers/main.yaml
@@ -307,6 +307,20 @@
     mode: "0644"
   when: role == "polkadot"
 
+- name: Add Invarch service version
+  community.general.ini_file:
+    create: True
+    no_extra_spaces: True
+    option: "version"
+    section: "node"
+    state: present
+    value: "{{ default_client_version }}"
+    path: "{{ noderole_file }}"
+    owner: root
+    group: root
+    mode: "0644"
+  when: role == "invarch"
+
 - name: Add Bifrost service version
   community.general.ini_file:
     create: True

diff --git a/roles/setup_install_hyperbridge/tasks/main.yaml b/roles/setup_install_hyperbridge/tasks/main.yaml
@@ -50,14 +50,28 @@
 - name: Flush handlers after Hyperbridge service copy
   ansible.builtin.meta: flush_handlers
 
-- name: Install Hyperbridge v{{ default_client_version }}
+- name: Download Hyperbridge v{{ default_client_version }}
   ansible.builtin.get_url:
     url: "{{ default_download_url }}"
-    dest: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}"
-    mode: "u+r+x"
+    dest: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}.tar.gz"
+    mode: "0640"
     owner: "{{ default_user }}"
     group: "{{ default_user }}"
   register: download_result
+  when:
+    - ansible_local['noderole']['node']['pinned'] != "True"
+    - ansible_local['noderole']['node']['version'] != default_client_version
+
+- name: Extract Hyperbridge archive
+  ansible.builtin.unarchive:
+    src: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}.tar.gz"
+    dest: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}"
+    remote_src: true
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+    mode: "0750"
+  when: download_result.changed
+  register: extract_result
   notify:
     - Add Service Pinned Status
     - Add Hyperbridge service version
@@ -67,9 +81,12 @@
     - Stop Hyperbridge
     - Systemd daemon-reload
     - Start Hyperbridge
-  when:
-    - ansible_local['noderole']['node']['pinned'] != "True"
-    - ansible_local['noderole']['node']['version'] != default_client_version
+
+- name: Clean up downloaded archive
+  ansible.builtin.file:
+    path: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}.tar.gz"
+    state: absent
+  when: extract_result.changed
 
 - name: Flush handlers after Hyperbridge install
   ansible.builtin.meta: flush_handlers

diff --git a/roles/setup_install_invarch/handlers/main.yaml b/roles/setup_install_invarch/handlers/main.yaml
@@ -0,0 +1,44 @@
+---
+- name: Symlink Invarch release
+  ansible.builtin.file:
+    src: "{{ default_base_path }}/invarch-{{ default_client_version }}"
+    dest: "{{ default_base_path }}/invarch"
+    force: True
+    state: link
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+
+- name: Symlink binary executable
+  ansible.builtin.file:
+    src: "{{ default_base_path }}/invarch-{{ default_client_version }}"
+    dest: "/usr/local/bin/invarch"
+    force: True
+    state: link
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+
+- name: Symlink Invarch service to systemd
+  ansible.builtin.file:
+    src: "{{ default_base_path }}/invarch.service"
+    dest: "/etc/systemd/system/invarch.service"
+    state: link
+    force: True
+    owner: "root"
+    group: "root"
+    mode: '0644'
+
+- name: Stop Invarch
+  ansible.builtin.systemd:
+    name: invarch
+    state: stopped
+    enabled: True
+
+- name: Systemd daemon-reload
+  ansible.builtin.systemd:
+    daemon_reload: True
+
+- name: Start Invarch
+  ansible.builtin.systemd:
+    name: invarch
+    state: started
+    enabled: True
diff --git a/roles/setup_install_invarch/meta/main.yaml b/roles/setup_install_invarch/meta/main.yaml
@@ -0,0 +1,14 @@
+# Standards: 0.2
+---
+galaxy_info:
+  author: Rotko Networks <[email protected]>
+  description: Install or upgrade Invarch parachain node
+  min_ansible_version: 3.0
+  platforms:
+    - name: Debian
+      versions:
+        - bullseye
+        - bookworm
+dependencies:
+  - setup_add_node_role
+  - setup_install_rust
diff --git a/roles/setup_install_invarch/tasks/main.yaml b/roles/setup_install_invarch/tasks/main.yaml
@@ -0,0 +1,80 @@
+---
+- name: Ensure group {{ default_user }} exists
+  ansible.builtin.group:
+    name: "{{ default_user }}"
+    state: present
+    system: True
+
+- name: Ensure user {{ default_user }} exists without unnecessary privileges
+  ansible.builtin.user:
+    append: True
+    comment: invarch service user
+    create_home: False
+    group: "{{ default_user }}"
+    groups: []
+    home: "{{ default_base_path }}"
+    name: "{{ default_user }}"
+    shell: "/sbin/nologin"
+    state: present
+    system: True
+
+- name: Ensure user {{ default_user }} owns directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+    mode: "0750"
+    state: directory
+  loop:
+    - "{{ default_base_path }}"
+    - "{{ default_database_path }}"
+
+- name: Gather facts
+  ansible.builtin.setup:
+
+- name: Copy Invarch systemd service for specific node type
+  ansible.builtin.template:
+    src: "{{ default_node_type + '.service.j2' }}"
+    dest: "{{ default_base_path }}/invarch.service"
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+    mode: "0640"
+  when: default_node_type in ["collator", "bootnode", "endpoint"]
+  notify:
+    - Symlink Invarch service to systemd
+    - Stop Invarch
+    - Systemd daemon-reload
+    - Start Invarch
+    - Add type of service fact
+
+- name: Flush handlers after Invarch service copy
+  ansible.builtin.meta: flush_handlers
+
+- name: Install Invarch {{ default_client_version }}
+  ansible.builtin.get_url:
+    url: "{{ default_download_url }}"
+    dest: "{{ default_base_path }}/invarch-{{ default_client_version }}"
+    mode: "u+r+x"
+    owner: "{{ default_user }}"
+    group: "{{ default_user }}"
+  register: download_result
+  notify:
+    - Add Service Pinned Status
+    - Add Invarch service version
+    - Symlink Invarch service to systemd
+    - Symlink Invarch release
+    - Symlink binary executable
+    - Stop Invarch
+    - Systemd daemon-reload
+    - Start Invarch
+  when:
+    - ansible_local['noderole']['node']['pinned'] != "True"
+    - ansible_local['noderole']['node']['version'] != default_client_version
+
+- name: Flush handlers after Invarch install
+  ansible.builtin.meta: flush_handlers
+
+- name: Ensure Invarch service is running
+  ansible.builtin.systemd:
+    name: invarch
+    state: started
diff --git a/roles/setup_install_invarch/templates/bootnode.service.j2 b/roles/setup_install_invarch/templates/bootnode.service.j2
@@ -0,0 +1,41 @@
+[Unit]
+Description="{{ host_name.split('.')[0] }} bootnode - Invarch service"
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User={{ default_user }}
+Group={{ default_group }}
+ExecStart={{ default_base_path }}/invarch \
+  --name "{{ default_telemetry_name }}" \
+  --chain {{ default_network }} \
+  --base-path {{ default_base_path }} \
+  --database {{ default_database }} \
+  --state-pruning 256 \
+  --log sync=warn,afg=warn,babe=warn \
+  --telemetry-url 'wss://telemetry-backend.w3f.community/submit 1' \
+  --telemetry-url 'wss://telemetry.polkadot.io/submit/ 1' \
+  --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port }} \
+  --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port_ws }}/ws \
+  --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port }} \
+  --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port_ws }}/ws \
+  --public-addr /dns/{{ default_domain }}/tcp/{{ default_p2p_port }} \
+  --public-addr /dns/{{ default_domain }}/tcp/{{ default_p2p_port_ws }}/ws \
+  --public-addr /dns/{{ default_domain }}/tcp/{{ default_p2p_port_wss }}/wss \
+  --rpc-port {{ default_rpc_port }} \
+  --prometheus-port {{ default_prom_port }} \
+  --prometheus-external \
+  --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \
+  --wasm-execution Compiled \
+  --sync {{ default_syncmode | default('fast-unsafe') }} \
+  --no-hardware-benchmarks \
+  --rpc-external \
+  --rpc-methods safe \
+  --rpc-cors all \
+  --allow-private-ipv4
+
+Restart=always
+RestartSec=120
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/setup_install_invarch/templates/collator.service.j2 b/roles/setup_install_invarch/templates/collator.service.j2
@@ -0,0 +1,35 @@
+[Unit]
+Description="{{ host_name.split('.')[0] }} Collator - Invarch service"
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+User={{ default_user }}
+Group={{ default_group }}
+SyslogIdentifier={{ default_service }}
+LimitNOFILE={{ default_max_open_files_in_service }}
+SyslogFacility=local7
+KillSignal=SIGHUP
+ExecStart={{ default_base_path }}/invarch \
+     --base-path {{ default_base_path }} \
+     --chain {{ default_network }} \
+     --database {{ default_database }} \
+     --sync {{ default_syncmode }} \
+     --name "{{ hostvars[inventory_hostname]['default_telemetry_name'] | default(host_name) }}" \
+     --telemetry-url 'wss://telemetry-backend.w3f.community/submit 1' \
+     --port {{ default_p2p_port }} \
+     --rpc-port {{ default_rpc_port }} \
+     --prometheus-port {{ default_prom_port }} \
+     --prometheus-external \
+     --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port }} \
+     --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port_ws }}/ws \
+     --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \
+     --wasm-execution compiled \
+     --pruning 1000 \
+     --db-cache {{ ansible_memtotal_mb // 2 }}
+
+[Install]
+WantedBy=multi-user.target